Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack


Two vulnerabilities have been disclosed in F5 products; one is classified as Insufficient Session Fixation and the other as Expired Pointer Dereference.

They have been assigned CVE-2024-39809 and CVE-2024-39792, and both carry a severity rating of 7.5 (High).

The vulnerabilities affect BIG-IP Next Central Manager and NGINX Plus MQTT (Message Queuing Telemetry Transport) support. F5 has addressed both and published security advisories for them.


Multiple F5 Vulnerabilities

CVE-2024-39809: BIG-IP Next Central Manager Vulnerability

This vulnerability exists because the user's session refresh token is not invalidated when the user logs out.

A threat actor who has obtained a user's session can therefore continue to use it to access BIG-IP Next Central Manager, and the systems it manages, even after the user has logged out.

The vulnerability affects BIG-IP Next Central Manager version 20.1.0 and is fixed in version 20.2.0. The vulnerable component is the webUI.
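To make the defect concrete, the following added example (not F5's code; the store, the log format and the session identifiers are constructed for illustration) models a server-side refresh-token store in two modes: one where logout leaves refresh tokens valid, as the advisory describes, and one where logout revokes every refresh token belonging to the user. It also includes a small audit check, run over constructed log lines, that flags any use of a session after its logout event, which is the kind of evidence a SOC would look for when assessing exposure.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

REFRESH_TTL = 3600.0  # seconds; constructed value for this example


@dataclass
class RefreshToken:
    user: str
    expires_at: float
    revoked: bool = False


class SessionStore:
    """Hypothetical server-side refresh-token store.

    revoke_on_logout=False models the vulnerable behaviour (tokens outlive
    the logout); revoke_on_logout=True models the fixed behaviour.
    """

    def __init__(self, revoke_on_logout: bool) -> None:
        self.revoke_on_logout = revoke_on_logout
        self._tokens: Dict[str, RefreshToken] = {}
        self._by_user: Dict[str, Set[str]] = {}

    def login(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[token] = RefreshToken(user, now + REFRESH_TTL)
        self._by_user.setdefault(user, set()).add(token)
        return token

    def logout(self, user: str) -> None:
        if not self.revoke_on_logout:
            return  # vulnerable: nothing is invalidated server-side
        for token in self._by_user.get(user, ()):
            self._tokens[token].revoked = True

    def refresh(self, token: str, now: float) -> Optional[str]:
        """Exchange a refresh token for a new one, or return None if rejected."""
        rec = self._tokens.get(token)
        if rec is None or rec.revoked or now >= rec.expires_at:
            return None
        rec.revoked = True  # rotate: each refresh token is single-use
        return self.login(rec.user, now)


def replay_after_logout(revoke_on_logout: bool) -> bool:
    """True if a refresh token captured before logout still works afterwards."""
    store = SessionStore(revoke_on_logout)
    t0 = 1_000_000.0
    token = store.login("alice", t0)
    store.logout("alice")
    return store.refresh(token, t0 + 60) is not None


# Constructed audit log lines in a simple key=value form (not real product output).
SAMPLE_LOG = """\
2024-07-01T10:00:00Z user=alice event=login session=s1
2024-07-01T10:05:00Z user=alice event=logout session=s1
2024-07-01T10:07:00Z user=alice event=api_call session=s1 path=/devices
2024-07-01T10:08:00Z user=bob event=login session=s2
2024-07-01T10:09:00Z user=bob event=api_call session=s2 path=/devices
"""


def find_post_logout_use(log_text: str) -> List[str]:
    """Return log lines where a session is used after its own logout event."""
    ended: Set[str] = set()
    hits: List[str] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        sid = fields["session"]
        if fields["event"] == "logout":
            ended.add(sid)
        elif fields["event"] != "login" and sid in ended:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("vulnerable store replays after logout:", replay_after_logout(False))
    print("fixed store replays after logout:", replay_after_logout(True))
    for hit in find_post_logout_use(SAMPLE_LOG):
        print("post-logout session use:", hit)
```

The mitigation is the server-side revocation in `logout`: an access token with a short lifetime is not enough on its own if the refresh token that mints new access tokens survives the logout. The audit function assumes logout events are logged with the same session identifier as later requests; if a product logs them differently, the join key has to be adapted.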

CVE-2024-39792: NGINX Plus MQTT vulnerability

This vulnerability arises when NGINX Plus is configured to use the MQTT filter module; undisclosed requests can then increase memory utilization.

It allows a remote, unauthenticated threat actor to cause a degradation of service that can lead to denial-of-service conditions in NGINX.

The system's performance continues to degrade until the NGINX master and worker processes are restarted, whether forcibly or manually.

The vulnerable component is ngx_stream_mqtt_filter_module.

Affected Products And Fixed In Version

F5 recommends that users upgrade affected products to the fixed versions listed in its advisories to prevent threat actors from exploiting these vulnerabilities.
