F5 BIG-IP: Attackers can bypass restrictions through access controls
F5 has reported a security vulnerability in the monitor function of BIG-IP. Attackers can compromise affected systems.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Attackers can exploit a vulnerability in the F5 BIG-IP appliances to extend their rights and manipulate the configuration. This could compromise the BIG-IP system, the manufacturer warns.
In the accompanying security advisory, F5 developers write that "this vulnerability allows authenticated attackers with manager role or higher privileges and access to the configuration tool or TMOS shell (tmsh) to escalate their privileges and compromise the BIG-IP system" (CVE-2024-45844, CVSS 8.6, risk"high"). The vulnerability is therefore a missing authentication for a critical function (CWE-306).
Vulnerable and unaffected devices
According to the F5 developers, F5 BIG-IP versions 15.1.0 to 15.1.10, 16.1.0 to 16.1.4 and 17.1.0 to 17.1.1 are vulnerable. The affected component or function "Monitors" contains the security fixes in F5 BIG-IP 15.1.10.5, 16.1.5 and 17.1.1.4. The company points out that it is only investigating software that has not yet reached the end of technical support. Older software versions should therefore first be updated to versions that are still supported.
Videos by heise
F5 also lists BIG-IP Next (all modules), BIG-IP Next Central Manager, BIG-IP Next SPK and CNF as unaffected products. This also includes BIG-IQ Centralized Management, F5 Distributed Cloud, F5 Silverline, NGINX One Console, F5OS-A, F5OS-C, NGINX and finally Traffix SDC.
In the security announcement, the developers also list potential temporary countermeasures that IT managers should implement if they are unable to install the updates immediately. This starts with granting access only to absolutely trustworthy persons. In addition, access to the BIG-IP configuration tool and SSH via IP addresses should only be granted to trusted networks or devices.
In mid-August, F5 patched vulnerabilities in the BIG-IP and BIG-IP Next appliances that could have allowed attackers to compromise networks. Several of the company's product series were affected by security vulnerabilities, some of which were highly risky.
(dmk)
