F5 and Fortinet flaws exploited

A critical remote-code-execution vulnerability in F5 BIG-IP, a widely used application delivery controller, is under active exploitation by attackers, posing a severe risk to enterprise networks. The flaw, tracked as CVE-2023-46747, allows unauthenticated attackers to execute arbitrary code on affected systems, potentially compromising sensitive data and infrastructure. F5 has confirmed that the vulnerability impacts versions of BIG-IP prior to the latest patches and is urging organizations to update immediately to mitigate the threat. The Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities catalog, signaling its urgency and mandating federal agencies to patch by a strict deadline. (bleepingcomputer.com) Simultaneously, a SQL injection vulnerability in Fortinet FortiClient Endpoint Management Server (EMS), identified as CVE-2023-48788, is also being exploited in the wild. This flaw enables attackers to manipulate database queries, potentially gaining unauthorized access to systems or escalating privileges within enterprise environments. Fortinet, a major player in cybersecurity solutions, disclosed that the bug affects specific versions of FortiClient EMS, a tool used to manage endpoint security for large organizations. The company has released patches and is working with customers to ensure rapid deployment, while warning that unpatched systems remain at high risk of compromise. (cybersecuritynews.com) The F5 BIG-IP vulnerability is particularly concerning because the platform serves as a critical infrastructure layer for load balancing, security, and traffic management in many enterprise networks. Often positioned at the edge of networks, BIG-IP devices protect APIs, web applications, and other services, making them prime targets for attackers seeking to infiltrate deeper into systems. Security researchers have observed exploitation attempts within days of the flaw’s public disclosure, with some attacks aiming to deploy ransomware or establish persistent backdoors. The rapid weaponization underscores the need for organizations to prioritize detection and response alongside patching efforts. (bleepingcomputer.com) Fortinet’s FortiClient EMS vulnerability compounds the challenge for IT teams, as it targets endpoint management systems that are central to securing remote workforces and VPN connections. With hybrid work models still prevalent, endpoints remain a key attack vector, and a breach in EMS could enable attackers to disable security controls or distribute malware across an organization’s devices. Fortinet has reported that while the exploitation is active, the scope appears narrower compared to past incidents like the 2021 FortiGate VPN attacks, though exact numbers of affected systems are not yet public. CISA has similarly flagged this vulnerability for urgent action, emphasizing its potential impact on critical infrastructure sectors. (cybersecuritynews.com) Looking ahead, platform and security teams face a tight window to implement patches and scan for signs of compromise, as both vulnerabilities are already part of active attack campaigns. For F5 BIG-IP, organizations without immediate patching capabilities are advised to restrict management interface access and monitor for unusual network activity. Fortinet customers are encouraged to audit EMS logs for indicators of SQL injection attempts while deploying updates. CISA and industry experts anticipate that exploitation attempts will increase in the coming weeks, particularly targeting unpatched systems in small-to-medium enterprises with limited cybersecurity resources. (bleepingcomputer.com, cybersecuritynews.com)