Analysis Summary

CVE-2024-37028 CVSS:5.3

F5 BIG-IP Next Central Manager is vulnerable to a denial of service. By sending a specially crafted request, an remote attacker could exploit this vulnerability to lock out a BIG-IP Next Central Manager webUI account.

CVE-2024-41719 CVSS:4.2

F5 BIG-IP Next Central Manager could allow a local authenticated attacker to obtain sensitive information, caused by the insertion of sensitive information into log file. By accessing the log files, a local authenticated attacker could exploit this vulnerability to obtain sensitive information.

CVE-2024-7347 CVSS:4.7

F5 NGINX Plus and NGINX Open Source are vulnerable to a denial of service, caused by a buffer over-read flaw in the ngx_http_mp4_module. By using a specially crafted mp4 file, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-41164 CVSS:5.9

F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when a TCP profile with Multipath TCP enabled (MPTCP) is configured on a virtual server. By sending a specially crafted request, an remote attacker could exploit this vulnerability to cause TMM to terminate.

CVE-2024-41723 CVSS:4.3

F5 BIG-IP could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

• Denial of Service
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2024-37028
• CVE-2024-41719
• CVE-2024-7347
• CVE-2024-41164
• CVE-2024-41723

Affected Vendors

Remediation

Refer to F5 Security Advisory Security for patch, upgrade or suggested workaround information.

CVE-2024-37028

CVE-2024-41719

CVE-2024-7347

CVE-2024-41164

CVE-2024-41723