Skip to main content

F5 Products Multiple Vulnerabilities

Release Date: 17 Oct 2024 3971 Views

RISK: High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and cross-site scripting on the targeted system.

 

Note:

No patch is currently available for CVE-2019-10768, CVE-2019-14863, CVE-2022-25869, CVE-2023-26116, CVE-2023-26117 and CVE-2023-26118 of the affected products. Hence, the risk level is rated from Medium Risk to High Risk.

 


Impact

  • Denial of Service
  • Elevation of Privilege
  • Cross-Site Scripting

System / Technologies affected

BIG-IP (all modules)

  • 15.1.0 - 15.1.10
  • 16.1.0 - 16.1.5
  • 17.1.0 - 17.1.1

 

BIG-IQ Centralized Management

  • 8.2.0

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

Workaround:

 

For CVE-2019-10768, CVE-2019-14863, CVE-2022-25869, CVE-2023-26116, CVE-2023-26117 and CVE-2023-26118,  reduce the vulnerability of attacks by following workaround:

  1. Remove access for users who are not completely trusted

Vulnerability Identifier


Source


Related Link