Skip to main content

F5 Products Multiple Vulnerabilities

Last Update Date: 10 May 2024 Release Date: 9 May 2024 3156 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, cross-site scripting, information disclosure and security restriction bypass on the targeted system.

 

Note:

No patch is currently available for CVE-2024-27983 of the affected products.

 

[Updated on 2024-05-10]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.


Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Denial of Service
  • Cross-Site Scripting
  • Information Disclosure

System / Technologies affected

BIG-IP (all modules)

  • 15.1.0 - 15.1.10
  • 16.1.0 - 16.1.4
  • 16.1.2.1 - 16.1.4
  • 17.1.0 - 17.1.1

 

BIG-IP Next Central Manager

  • 20.0.1 - 20.0.2
  • 20.0.1 - 20.1.0

 

BIG-IP (AFM)

  • 17.1.0 
  • 16.1.0 - 16.1.3
  • 15.1.10

 

BIG-IP Next CNF

  • 1.1.0 - 1.1.1

 

BIG-IP (APM)

  • 17.1.0
  • 16.1.0 - 16.1.4
  • 15.1.0 - 15.1.10

 

APM Clients

  • 7.2.3 - 7.2.4

 

BIG-IP (Advanced WAF/ASM)

  • 15.1.0 - 15.1.10
  • 16.1.0 - 16.1.4
  • 17.1.0 - 17.1.1

 

BIG-IP Next (WAF)

  • 20.0.1 - 20.1.0

 

NGINX App Protect WAF

  • 4.0.0 - 4.8.0
  • 3.10.0 - 3.12.2

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

Apply workarounds issued by the vendor:

 

Workaround:

Reduce the vulnerability of attacks by following workaround:

  • Use F5 Application Services Templates (FAST) instead of iApps to deploy HTTP server-related apps when possible.


Vulnerability Identifier


Source


Related Link