

Severity
High
Analysis Summary
CVE-2024-45844 CVSS:7.2
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-47139 CVSS:6.8
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Impact
- Privilege Escalation
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-45844
- CVE-2024-47139
Affected Vendors
Affected Products
- F5 BIG-IP - 16.1.4
- F5 BIG-IP - 17.1.0
- F5 BIG-IP - 15.1.10
- F5 BIG-IP - 15.1.0
- F5 BIG-IP - 16.1.0
- F5 BIG-IP - 17.1.1
- F5 BIG-IQ Centralized Management - 8.2.0
Remediation
Refer to the F5 Security Advisory for patch, upgrade, or suggested workaround information.