F5 Products Multiple Vulnerabilities

Last Update Date: 10 May 2024 Release Date: 9 May 2024 1754 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, cross-site scripting, information disclosure and security restriction bypass on the targeted system.

Note:

No patch is currently available for CVE-2024-27983 of the affected products.

[Updated on 2024-05-10]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.

Impact

Remote Code Execution
Security Restriction Bypass
Denial of Service
Cross-Site Scripting
Information Disclosure

System / Technologies affected

BIG-IP (all modules)

15.1.0 - 15.1.10
16.1.0 - 16.1.4
16.1.2.1 - 16.1.4
17.1.0 - 17.1.1

BIG-IP Next Central Manager

20.0.1 - 20.0.2
20.0.1 - 20.1.0

BIG-IP (AFM)

17.1.0
16.1.0 - 16.1.3
15.1.10

BIG-IP Next CNF

1.1.0 - 1.1.1

BIG-IP (APM)

17.1.0
16.1.0 - 16.1.4
15.1.0 - 15.1.10

APM Clients

7.2.3 - 7.2.4

BIG-IP (Advanced WAF/ASM)

15.1.0 - 15.1.10
16.1.0 - 16.1.4
17.1.0 - 17.1.1

BIG-IP Next (WAF)

20.0.1 - 20.1.0

NGINX App Protect WAF

4.0.0 - 4.8.0
3.10.0 - 3.12.2

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Apply workarounds issued by the vendor:

https://my.f5.com/manage/s/article/K000139532

Workaround:

Reduce the vulnerability of attacks by following workaround:

Use F5 Application Services Templates (FAST) instead of iApps to deploy HTTP server-related apps when possible.

F5 Products Multiple Vulnerabilities

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link