Network Security, Patch/Configuration Management, Threat Intelligence

CISA: Attacks exploiting F5 BIG-IP cookies underway

Share
Credit: Adobe Stock Images

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency about ongoing attacks exploiting unencrypted F5 BIG-IP Local Traffic Manager module-managed persistence cookies to discover other devices within the targeted network, according to BleepingComputer.

"A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network," said CISA. With persistence cookies remaining unencrypted by default despite their risks due to performance and compatibility concerns, organizations have been urged by the agency to evaluate F5's instructions on persistent cookie encryption, which details the availability of a "Required" configuration option beginning in version 11.5.0 that adds AES-192 encryption to such cookies, as well as the "Preferred" option that conducts encrypted cookie generation while accepting unencrypted ones. Moreover, misconfigurations in F5 BIG-IP could be detected using the firm's 'BIG-IP iHealth' tool, said CISA.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.