Security updates F5: Attackers can gain unauthorized access to BIG-IP appliances

Several vulnerabilities allow attacks on BIG-IP Next Central Manager and BIG-IP Next SPK.

Stylized graphic: Burning appliances in the network

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

BIG-IP appliances from F5 are vulnerable and attackers can compromise company networks after successful attacks. Security patches close several gaps.

As the list of affected F5 products is beyond the scope of this report, admins must consult the security advisories linked below this article. Further information on the vulnerabilities and the security updates can also be found there.

Attackers can exploit a vulnerability (CVE-2024-39809, "high") in BIG-IP Next Central Manager to gain unauthorized access. The cause is a token that does not expire after a user logs out. As a result, an attacker who obtains a session cookie can log in and access the devices managed by the software.
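The flaw described above, as an added illustration that is not F5's code (nothing is known here about the product's internal implementation): a session design whose logout merely drops the client-side cookie while the server keeps honouring the signed token until it expires, beside a variant that revokes the token server-side on logout. The HMAC token format, class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # constructed demo signing key, not a real one

def issue_token(user, ttl=3600):
    """Signed bearer token 'user:expiry:hmac'; only signature and expiry are checked."""
    payload = f"{user}:{int(time.time()) + ttl}"
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"

def verify_token(token):
    """Return the user if the signature is valid and the token has not expired, else None."""
    parts = token.split(":")
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    user, exp, sig = parts
    expected = hmac.new(SECRET, f"{user}:{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected) or int(exp) < time.time():
        return None
    return user

def token_id(token):
    return hashlib.sha256(token.encode()).hexdigest()

class WeakSessions:
    """Logout only tells the client to drop the cookie; a copied token keeps working."""
    def login(self, user):
        return issue_token(user)
    def logout(self, token):
        pass  # nothing is recorded server-side, so the token stays valid until expiry
    def is_authenticated(self, token):
        return verify_token(token) is not None

class HardenedSessions:
    """Logout revokes the token server-side, so a copy obtained earlier is useless afterwards."""
    def __init__(self):
        self.active = set()  # ids of tokens the server still accepts
    def login(self, user):
        token = issue_token(user)
        self.active.add(token_id(token))
        return token
    def logout(self, token):
        self.active.discard(token_id(token))
    def is_authenticated(self, token):
        return verify_token(token) is not None and token_id(token) in self.active
```

The server-side revocation set is what turns "logout" into an actual invalidation; a stateless signed token alone cannot be revoked before its expiry.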

For the vulnerable BIG-IP modules 16.1.0 to 16.1.4, release 16.1.5 closes a vulnerability (CVE-2024-41727, "high") that attackers can use for a DoS attack. The attacks are reportedly possible remotely and without authentication.

Attackers can also lock out users (CVE-2024-37028, "medium") and view access credentials (CVE-2024-41719, "medium"). There are currently no reports of ongoing attacks. As BIG-IP appliances often play a central role in company networks, admins should not delay patching for too long.

List sorted by threat level in descending order:

(des)