Update soon: the security flaw in BIG-IP is actively used in real attacks
<blockquote data-quote="Brianwill" data-source="post: 727" data-attributes="member: 15"><p>The protection of corporate systems is entirely in the hands of administrators.</p><p></p><p>F5 has reported on the active exploitation of a critical vulnerability in BIG-IP systems, which we discussed at the end of last week. This breach was designated CVE-2023-46747 and has a critical risk level of 9.8 on the CVSS scale.</p><p></p><p>As reported, the vulnerability that can lead to the execution of arbitrary system commands in the BIG-IP product has already become part of the chain of real hacker attacks.</p><p></p><p>The security flaw affects several versions of the software, starting with 13.1.0 and ending with 17.1.0, and fixes have already been released for all the problematic versions.</p><p></p><p>The company also warned of abuse of a second vulnerability, tracked as CVE-2023-46748. It is a SQL injection vulnerability that requires authentication in the BIG-IP configuration utility.</p><p></p><p>For both vulnerabilities, we recommend that the released patches be applied immediately. In addition, the company provides instructions for users with detailed signs of compromise to determine whether the above-described SQL injection vulnerability was exploited in a particular network.</p><p></p><p>Representatives of Shadowserver today reported that since October 30, the organization's Honeypot sensors have repeatedly detected attempts to exploit CVE-2023-46747. Experts stressed the critical need for rapid system updates to prevent attacks.</p><p></p><p><a href="https://carder.market/login/" target="_blank">https://carder.market/login/</a></p></blockquote><p></p>