June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
CVE-2024-34342 – Node.js Vulnerability
May 11, 2024WSHRAT aka Houdini – Active IOCs
May 12, 2024CVE-2024-34342 – Node.js Vulnerability
May 11, 2024WSHRAT aka Houdini – Active IOCs
May 12, 2024
Severity
Medium
Analysis Summary
CVE-2024-33612 CVSS:6.8
F5 BIG-IP Next Central Manager could allow a <remote/local> attacker to bypass security restrictions, caused by an improper certificate validation vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to cross a security boundary.
CVE-2024-32761 CVSS:6.5
F5 BIG-IP could allow a remote attacker to obtain sensitive information, caused by a flaw in Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-33604 CVSS:6.1
F5 BIG-IP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victims Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victims cookie-based authentication credentials.
CVE-2024-28889 CVSS:5.9
F5 BIG-IP is vulnerable to a denial of service, caused by a SSL vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2024-27202 CVSS:4.7
F5 BIG-IP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the BIG-IP Configuration utility to inject malicious script into a Web page which would be executed in a victims Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victims cookie-based authentication credentials.
CVE-2024-28132 CVSS:4.4
F5 BIG-IP Next CNF could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in Global Server Load Balancing (GSLB) container. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Security Bypass
- Information Disclosure
- Cross-Site Scripting
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-33612
- CVE-2024-32761
- CVE-2024-33604
- CVE-2024-28889
- CVE-2024-27202
- CVE-2024-28132
Affected Vendors
F5
Affected Products
- F5 BIG-IP 15.1.0
- F5 BIG-IP 16.1.0
- F5 BIG-IP 17.1.0
- F5 BIG-IP 15.1.9
- F5 BIG-IP 16.1.4
- F5 BIG-IP 15.1.10
- F5 BIG-IP Next Central Manager 20.0.1
- F5 BIG-IP Next Central Manager 20.1.0
- F5 BIG-IP Next CNF 1.2.1
- F5 BIG-IP Next CNF 1.2.0
- F5 BIG-IP 17.1.1
Remediation
Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.
