

Severity
High
Analysis Summary
CVE-2024-28883 CVSS:7.4
F5 BIG-IP (APM) and APM Clients could allow a remote attacker to bypass security restrictions, caused by an origin validation flaw in the browser network access VPN client. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass F5 endpoint inspection.
CVE-2024-32049 CVSS:7.4
F5 BIG-IP Next Central Manager is vulnerable to a man-in-the-middle attack, caused by a flaw in the SSL communication between BIG-IP Next LTM/WAF instance and BIG-IP Next Central Manager. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain BIG-IP Next LTM/WAF instance credentials.
CVE-2024-25560 CVSS:7.5
BIG-IP (AFM) is vulnerable to a denial of service, caused by a NULL pointer dereference flaw. By sending specially crafted DNS traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2024-33608 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when IPsec is configured on a virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2024-26026 CVSS:8.6
F5 BIG-IP Next Central Manager is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to the API, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2024-21793 CVSS:7.5
F5 BIG-IP Next Central Manager is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to the API, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2024-31156 CVSS:8
F5 BIG-IP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Configuration utility. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Denial of Service
- Security Bypass
- Information Obtained
- Data Manipulation
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-28883
- CVE-2024-32049
- CVE-2024-25560
- CVE-2024-33608
- CVE-2024-26026
- CVE-2024-21793
- CVE-2024-31156
Affected Vendors
Affected Products
- F5 BIG-IP (APM) 15.1.0
- F5 BIG-IP (APM) 16.1.0
- F5 BIG-IP (AFM) 16.1.3
- F5 BIG-IP 17.1.0
- F5 BIG-IP (APM) 17.1.0
- F5 BIG-IP (APM) 15.1.10
- F5 BIG-IP (APM) 16.1.4
- F5 APM Clients 7.2.3
- F5 APM Clients 7.2.4
- F5 BIG-IP Next Central Manager 20.0.1
- F5 BIG-IP Next Central Manager 20.0.2
- F5 BIG-IP Next Central Manager 20.1.0
Remediation
Refer to the F5 Security Advisory for patch, upgrade, or suggested workaround information.