F5 Products Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, remote code execution, cross-site scripting, information disclosure and security restriction bypass on the targeted system.
Note:
No patch is currently available for CVE-2024-27983 of the affected products.
[Updated on 2024-05-10]
Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Denial of Service
- Cross-Site Scripting
- Information Disclosure
System / Technologies affected
BIG-IP (all modules)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.4
- 16.1.2.1 - 16.1.4
- 17.1.0 - 17.1.1
BIG-IP Next Central Manager
- 20.0.1 - 20.0.2
- 20.0.1 - 20.1.0
BIG-IP (AFM)
- 17.1.0
- 16.1.0 - 16.1.3
- 15.1.10
BIG-IP Next CNF
- 1.1.0 - 1.1.1
BIG-IP (APM)
- 17.1.0
- 16.1.0 - 16.1.4
- 15.1.0 - 15.1.10
APM Clients
- 7.2.3 - 7.2.4
BIG-IP (Advanced WAF/ASM)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.4
- 17.1.0 - 17.1.1
BIG-IP Next (WAF)
- 20.0.1 - 20.1.0
NGINX App Protect WAF
- 4.0.0 - 4.8.0
- 3.10.0 - 3.12.2
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
- https://my.f5.com/manage/s/article/K000138634
- https://my.f5.com/manage/s/article/K000138732
- https://my.f5.com/manage/s/article/K000138733
- https://my.f5.com/manage/s/article/K000138636
- https://my.f5.com/manage/s/article/K000138728
- https://my.f5.com/manage/s/article/K000139037
- https://my.f5.com/manage/s/article/K000138744
- https://my.f5.com/manage/s/article/K000139217
- https://my.f5.com/manage/s/article/K000138894
- https://my.f5.com/manage/s/article/K000138912
- https://my.f5.com/manage/s/article/K000138520
- https://my.f5.com/manage/s/article/K000132430
- https://my.f5.com/manage/s/article/K11342432
- https://my.f5.com/manage/s/article/K000138898
Apply workarounds issued by the vendor:
Workaround:
Reduce exposure to attacks by applying the following workaround:
Use F5 Application Services Templates (FAST) instead of iApps to deploy HTTP server-related apps when possible.
Vulnerability Identifier
- CVE-2024-21793
- CVE-2024-25560
- CVE-2024-26026
- CVE-2024-27202
- CVE-2024-28883
- CVE-2024-28889
- CVE-2024-31156
- CVE-2024-32049
- CVE-2024-32761
- CVE-2024-33604
- CVE-2024-33608
Source
Related Link
- https://my.f5.com/manage/s/article/K000138634
- https://my.f5.com/manage/s/article/K000138732
- https://my.f5.com/manage/s/article/K000138733
- https://my.f5.com/manage/s/article/K000138636
- https://my.f5.com/manage/s/article/K000138728
- https://my.f5.com/manage/s/article/K000139037
- https://my.f5.com/manage/s/article/K000138744
- https://my.f5.com/manage/s/article/K000139217
- https://my.f5.com/manage/s/article/K000138894
- https://my.f5.com/manage/s/article/K000138912
- https://my.f5.com/manage/s/article/K000138520
- https://my.f5.com/manage/s/article/K000132430
- https://my.f5.com/manage/s/article/K11342432
- https://my.f5.com/manage/s/article/K000138898