CISA: Attacks exploiting F5 BIG-IP cookies underway

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency about ongoing attacks exploiting unencrypted F5 BIG-IP Local Traffic Manager module-managed persistence cookies to discover other devices within the targeted network, according to BleepingComputer.

"A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network," said CISA. With persistence cookies remaining unencrypted by default despite their risks due to performance and compatibility concerns, organizations have been urged by the agency to evaluate F5's instructions on persistent cookie encryption, which details the availability of a "Required" configuration option beginning in version 11.5.0 that adds AES-192 encryption to such cookies, as well as the "Preferred" option that conducts encrypted cookie generation while accepting unencrypted ones. Moreover, misconfigurations in F5 BIG-IP could be detected using the firm's 'BIG-IP iHealth' tool, said CISA.