Critical Flaw in F5 BIG-IP Added to CISA’s Known Exploited Vulnerabilities Catalog
A critical vulnerability found in technology company F5 Networks’ BIG-IP system is the latest addition to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog.
According to Help Net Security, governments, internet service providers, telecommunications, cloud service providers and other big enterprises worldwide use F5’s BIG-IP devices to manage and inspect network and application traffic.
F5 said the vulnerability, labeled CVE-2023-46747, “may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.”
Federal civilian executive branch agencies are required to address the identified vulnerability by Nov. 21, CISA said.
Other organizations, meanwhile, are not required to meet the deadline but are encouraged to prioritize mitigating the vulnerability in a timely manner.
Another flaw found in F5 BIG-IP was classified as a high-severity vulnerability. The company stated that an authenticated Structured Query Language (SQL) injection vulnerability, labeled CVE-2023-46748, exists in the BIG-IP Configuration utility that may allow hackers to gain administrative privileges in the system.