- 233/2024
- High
F5 has released security updates to address several vulnerabilities across multiple F5 products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, obtain a user’s session cookies, and continue to use that session to access BIG-IP Next Central Manager or gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. BIG-IP Next Central Manager Vulnerability (CVE-2024-39809):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. BIG-IP High-Speed Bridge (HSB) Vulnerability (CVE-2024-39778):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of Affected Products:
- BIG-IP.
- BIG-IP Next Central Manager
- NGINX Plus and NGINX Open Source.
Vulnerabilities
- CVE-2024-39809
- CVE-2024-39778
- CVE-2024-39792
- CVE-2024-41727
- CVE-2024-41164
- CVE-2024-37028
- CVE-2024-7347
- CVE-2024-41723
- CVE-2024-41719
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.