CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.  

WaterISAC is sharing for member awareness. Organizations are urged to encrypt persistent cookies employed in F5 BIG-IP devices. For information about configuring BIG-IP LTM systems to encrypt HTTP cookies, visit MyF5. Find the full alert at CISA.