Vulnerabilities in F5’s BIG-IP suite are already being exploited after proof-of-concept (PoC) code began circulating online.
The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian.
This critical Apache JServ Protocol (AJP) smuggling vulnerability drew much of the attention to F5’s BIG-IP configuration utility last week. It was then bundled into a much larger advisory containing numerous other CVEs impacting the product line.