Rewterz Threat Advisory – Multiple F5 Products Vulnerabilities

February 15, 2024

Severity

High

Analysis Summary

CVE-2024-22093 CVSS:8.7

F5 BIG-IP could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw when running in Appliance mode. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2024-23979 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause an increase in CPU resource utilization.

CVE-2024-21849 CVSS:7.5

F5 BIG-IP (Advanced WAF) and BIG-IP (ASM) are vulnerable to a denial of service, caused by a flaw when an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server. By sending a specially crafted traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) process to terminate.

CVE-2024-23982 CVSS:7.5

F5 BIG-IP (PEM) is vulnerable to a denial of service, caused by a flaw when PEM classification profile is configured on a UDP virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2024-21789 CVSS:7.5

F5 BIG-IP (AFM) and BIG-IP (ASM) are vulnerable to a denial of service, caused by a flaw when security policy is configured on a virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization.

CVE-2024-24775 CVSS:7.5

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a virtual server is enabled with VLAN group and SNAT listener is configured. By sending a specially crafted traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2024-23805 CVSS:7.5

F5 BIG-IP (Advanced WAF) and BIG-IP (ASM) is vulnerable to a denial of service, caused by a flawwhen the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2024-23308 CVSS:7.5

F5 BIG-IP (Advanced WAF) and BIG-IP (ASM) are vulnerable to a denial of service, caused by a flaw when Request Body Handling option is attached to a virtual server. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the BD process to terminate.

CVE-2024-21763 CVSS:7.5

F5 BIG-IP (AFM) is vulnerable to a denial of service, caused by a flaw when Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2024-21771 CVSS:7.5

F5 BIG-IP (AFM) and BIG-IP (IPS) are vulnerable to a denial of service, caused by improper input validation. By sending specially crafted traffic patterns, a remote attacker could exploit this vulnerability to cause a Traffic Management Microkernel (TMM) to restart and traffic disruption.

CVE-2024-23314 CVSS:7.5

F5 BIG-IP and BIG-IP Next SPK are vulnerable to a denial of service, caused by a flaw when HTTP/2 is configured. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2024-24989 CVSS:7.5

F5 NGINX Plus and NGINX Open Source are vulnerable to a denial of service, caused by a flaw in when configured to use the HTTP/3 QUIC module. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause NGINX worker processes to terminate.

CVE-2024-24990 CVSS:7.5

F5 NGINX Plus and NGINX Open Source are vulnerable to a denial of service, caused by a flaw when configured to use the HTTP/3 QUIC module. By sending specially crafted requests, a remote attacker could exploit this vulnerability to cause NGINX worker processes to terminate.

CVE-2024-22389 CVSS:7.2

F5 BIG-IP could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when deployed in high availability (HA) and an iControl REST API token is updated. By sending a specially crafted request, an attacker could exploit this vulnerability to use deleted or updated API tokens on the peer device until they expire.