Subj : This cloud security software used by many enterprises is being ha
To   : All
From : TechnologyDaily
Date : Thu Nov 02 2023 12:45:05

This cloud security software used by many enterprises is being hacked, so patch now

Date: Thu, 02 Nov 2023 12:30:22 +0000

Description: Hackers are abusing them in the wild and the developers are urging everyone to patch up ASAP.

FULL STORY
======================================================================

Hackers are leveraging two recently discovered vulnerabilities in popular security software to target large enterprises and government agencies, allowing them to run arbitrary code and neatly cover their tracks.

This is according to F5, the maker of BIG-IP, which was found vulnerable to an authentication bypass flaw tracked as CVE-2023-46747 (9.8 severity score) and an SQL injection flaw tracked as CVE-2023-46748 (8.8 severity score). These two, F5 warned, were being abused by skilled attackers in the wild.

"This information is based on the evidence F5 has seen on compromised devices, which appear to be reliable indicators," the company said in a recently published bulletin. "It is important to note that not all exploited systems may show the same indicators, and, indeed, a skilled attacker may be able to remove traces of their work."

Affected versions

All admins should first assume compromise, then look for evidence to the contrary, the company suggested, saying "it is not possible to prove a device has not been compromised; when there is any uncertainty, you should consider the device compromised." To help admins take the appropriate action, F5 has a guide on how to proceed if a compromise is suspected.
Here is a list of the impacted versions:

  17.1.0 (affected), fixed on 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG and later
  16.1.0 - 16.1.4 (affected), fixed on 16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG and later
  15.1.0 - 15.1.10 (affected), fixed on 15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG and later
  14.1.0 - 14.1.5 (affected), fixed on 14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG and later
  13.1.0 - 13.1.5 (affected), fixed on 13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG and later

In addition to security features like a WAF and policy manager, BIG-IP also offers traffic management and load balancing services.

The Cybersecurity & Infrastructure Security Agency (CISA) has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Besides the patch, there is a script that mitigates the RCE vulnerability. F5 also claims that attackers have been exploiting the two flaws together, so the mitigation script for CVE-2023-46747 alone may be sufficient to prevent most attacks.

With regards to CVE-2023-46748, a possible sign of compromise is entries in /var/log/tomcat/catalina.out that look like this:

  {...}
  java.sql.SQLException: Column not found: 0.
  {...)
  sh: no job control in this shell
  sh-4.2$
  sh-4.2$ exit.

If BIG-IP hasn't been patched, then compromise should be presumed, since attackers can hide their tracks after an attack.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-cloud-security-software-used-by-many-enterprises-is-being-hacked-so-patch-now

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
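
The catalina.out indicator for CVE-2023-46748 quoted in the story above can be checked for mechanically. The following is an added example, not code from F5 or the article: the function name, the severity labels and the 20-line window are assumptions, and the sample log is constructed. As the F5 statement quoted above says, a scan with no findings does not prove a device is uncompromised.

```python
import re
import sys

# Indicator strings quoted in the article for CVE-2023-46748.
SQL_ERR = re.compile(r"java\.sql\.SQLException: Column not found: 0\.")
SHELL_MARKS = (
    re.compile(r"sh: no job control in this shell"),
    re.compile(r"^\s*sh-\d+\.\d+\$"),  # interactive shell prompt, e.g. "sh-4.2$"
)
WINDOW = 20  # assumption: lines after the SQL error in which shell output counts


def scan_catalina(lines, window=WINDOW):
    """Return sorted (line_no, severity, text) findings.

    "high": the SQL error is followed within `window` lines by shell output,
            which is the full pattern shown in the article.
    "low":  the SQL error or shell output appears on its own.
    """
    lines = [l.rstrip("\n") for l in lines]
    findings, paired = [], set()
    for i, line in enumerate(lines):
        if not SQL_ERR.search(line):
            continue
        follow = [j for j in range(i + 1, min(i + 1 + window, len(lines)))
                  if any(p.search(lines[j]) for p in SHELL_MARKS)]
        paired.update(follow)
        findings.append((i + 1, "high" if follow else "low", line))
    # Shell output that was not tied to a preceding SQL error is still reported.
    for j, line in enumerate(lines):
        if j not in paired and any(p.search(line) for p in SHELL_MARKS):
            findings.append((j + 1, "low", line))
    return sorted(findings)


# Constructed sample mirroring the excerpt in the article.
SAMPLE = [
    "INFO: Server startup complete",
    "java.sql.SQLException: Column not found: 0.",
    "{...)",
    "sh: no job control in this shell",
    "sh-4.2$",
    "sh-4.2$ exit.",
    "INFO: Reloading context",
]

if __name__ == "__main__":
    # Usage: python scan.py /path/to/copy/of/catalina.out
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for line_no, severity, text in scan_catalina(source):
        print(f"{severity:4} line {line_no}: {text}")
```

Run it against a copy of the log pulled off the device, including rotated files, rather than on the appliance itself.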