- 288/2024
- High
F5 has released security updates to address multiple vulnerabilities across BIG-IP and BIG-IQ.
The addressed vulnerabilities could allow the remote attacker to conduct cross-site scripting attacks or bypass security restrictions and gain elevated privileges to the affected product.
The addressed vulnerabilities:
1. BIG-IP Monitors Security Bypass Vulnerability (CVE-2024-45844):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
2. F5 BIG-IQ Centralized Management Cross-Site Scripting Vulnerability (CVE-2024-47139):
- CVSS: 6.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2024-45844
- CVE-2024-47139
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.