F5 Networks has issued a security advisory about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748.
This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands.
F5 Networks has classified this issue under CWE-89, indicating an 'Improper Neutralization of Special Elements used in an SQL Command' (SQL Injection) weakness.
The Vulnerability Details
The vulnerability allows authenticated attackers with access to the BIG-IP Configuration utility through the management port and/or self IP addresses to inject malicious SQL commands.
Although this issue affects the control plane and not the data plane, the possibility of unauthorized command execution raises serious concerns about system security.
F5's Response and Mitigation
F5 Networks has promptly responded to the issue by assigning an ID (1381357) to track the vulnerability.
They have released an engineering hotfix for affected versions of the BIG-IP system that have not yet reached End of Software Development.
Customers affected by this vulnerability are advised to download the hotfix from the MyF5 Downloads page.
However, since the attack is carried out by authenticated users, traditional mitigation strategies are limited.
One suggested temporary measure is to restrict access to the Configuration utility, allowing only trusted networks or devices.
Users can block Configuration utility access through self IP addresses, reducing the attack surface.
F5 Networks provides detailed instructions for implementing these temporary mitigations, emphasizing the importance of restricting access for untrusted users.
Indicators of Compromise
F5 Networks has identified indicators of compromise related to this vulnerability.
Entries in the /var/log/tomcat/catalina.out file, such as java.sql.SQLException errors and the output of executed shell commands, serve as potential indicators of exploitation.
Users are urged to remain vigilant and monitor their systems for any suspicious activity.
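As an added illustration, not part of F5's advisory or this article, the following Python script scans catalina.out lines for the two indicator types named above and reports whether they occur together; the sample log lines are constructed, and the exact shell-output pattern is an assumption, since the advisory does not publish one.

```python
import re
from typing import Dict, List

# Constructed sample of /var/log/tomcat/catalina.out content (not captured
# from a real system). The "sh: id:" line is an assumed shape for what the
# advisory calls "executed shell commands" appearing in the Tomcat log.
SAMPLE_CATALINA_OUT = """\
Oct 26 10:15:01 INFO  org.apache.catalina.startup.Catalina start Server startup in 3425 ms
Oct 26 10:17:42 WARN  java.sql.SQLException: near "'": syntax error
Oct 26 10:17:42 ERROR java.sql.SQLException: SQL logic error
Oct 26 10:17:43 INFO  sh: id: uid=0(root) gid=0(root) groups=0(root)
Oct 26 10:18:00 INFO  org.apache.catalina.core.StandardWrapperValve invoke
"""

# Indicator named in the advisory: SQL errors raised by the injected input.
SQL_EXCEPTION = re.compile(r"java\.sql\.SQLException")
# Heuristic (assumption): a shell name or id(1)-style output echoed into the log.
SHELL_OUTPUT = re.compile(r"\b(sh|bash):\s|uid=\d+\(\w+\)\s+gid=\d+")


def scan_catalina_out(text: str) -> List[Dict[str, object]]:
    """Return one finding per line that matches an indicator pattern."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if SQL_EXCEPTION.search(line):
            findings.append({"line": lineno, "indicator": "sql_exception", "text": line})
        elif SHELL_OUTPUT.search(line):
            findings.append({"line": lineno, "indicator": "shell_output", "text": line})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per indicator type."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[str(f["indicator"])] = counts.get(str(f["indicator"]), 0) + 1
    return counts


def looks_like_exploitation(findings: List[Dict[str, object]]) -> bool:
    """True when shell output follows an SQL exception: both indicators together
    are a stronger signal than a lone SQLException, which can also be benign."""
    first_sql = next((f["line"] for f in findings if f["indicator"] == "sql_exception"), None)
    if first_sql is None:
        return False
    return any(f["indicator"] == "shell_output" and f["line"] > first_sql for f in findings)


if __name__ == "__main__":
    hits = scan_catalina_out(SAMPLE_CATALINA_OUT)
    print(summarize(hits), "exploitation suspected:", looks_like_exploitation(hits))
```

A lone java.sql.SQLException can come from ordinary configuration errors, so escalate on the combination, and review the flagged lines by hand.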
Acknowledgments
F5 Networks extends its gratitude to the researchers who reported this issue, adhering to responsible disclosure practices.
While the company acknowledges the efforts of these researchers, it emphasizes the urgency for users to take immediate action to secure their systems.
F5 Networks' swift response underscores the importance of timely updates and patches in defending against evolving threats.
Users of BIG-IP systems are strongly encouraged to apply the provided mitigations and download the necessary hotfix to protect their systems from potential exploitation.