Active exploitation of F5 BIG-IP vulnerability underway

Threat actors have launched attacks leveraging a recently patched critical request smuggling flaw in F5's BIG-IP offering, tracked as CVE-2023-46747, just days after the release of a proof-of-concept exploit code, SecurityWeek reports. Such intrusions have also involved the exploitation of another flaw within F5 BIG-IP's configuration utility, tracked as CVE-2023-46748, according to F5, which has already issued updated indicators-of-compromise for both bugs. Meanwhile, Praetorian Security researchers, who discovered the critical vulnerability, noted that new System user creation, administrative credential logins, and arbitrary command execution have been possible with the exploitation of the Apache JServ Protocol request. "During testing, we regularly would get our F5 BIG-IP so jammed up that it was just faster to do a full server reboot than it was to wait for things to clear out normally. There's a secondary bug here in that if you do this enough, you'll eventually catch the login session of someone else trying to hit the server, but given the fact that you can get RCE through this as well, it seems not to be as huge of a deal, said Praetorian researcher Michael Weber.