F5 BIG-IP Vulnerability (CVE-2024-45844): Access Control Bypass Risk, PoC Available

Summary: A critical vulnerability (CVE-2024-45844) in F5 BIG-IP allows authenticated attackers to bypass access controls, potentially leading to privilege escalation and system compromise. Organizations are urged to update to fixed versions to mitigate this high-risk flaw, which affects multiple branches of the software.

Threat Actor: Authenticated users
Victim: F5 BIG-IP users

Key Points:

  • The vulnerability allows attackers with Manager role privileges to elevate their access and modify configurations.
  • Exploitation could lead to unauthorized access to sensitive information and disruption of network traffic.
  • F5 recommends restricting access to the Configuration utility and SSH to trusted users and networks.
  • Updated versions of BIG-IP have been released to address this vulnerability, and users are strongly encouraged to upgrade.
  • Temporary mitigations include blocking access to the Configuration utility and SSH until updates are applied.

A critical vulnerability has been identified in F5 BIG-IP, a popular network traffic management and security solution. The vulnerability, tracked as CVE-2024-45844 and assigned a CVSSv4 score of 8.6 (High), could allow authenticated attackers to bypass access control restrictions and potentially compromise the system.

According to the security advisory issued by F5, the vulnerability exists within the BIG-IP monitor functionality. “BIG-IP monitor functionality may allow an authenticated attacker with at least Manager role privileges to elevate their privileges and/or modify the configuration,” the advisory states. This means that even with port lockdown settings in place, an attacker with the necessary credentials could exploit this flaw to gain unauthorized access and control.

CVE-2024-45844 affects various versions of F5 BIG-IP across different branches (17.x, 16.x, 15.x). Exploitation could lead to privilege escalation, configuration modification, and complete system compromise. While the vulnerability is limited to the control plane and does not expose the data plane, the potential consequences remain significant. An attacker could gain unauthorized access to sensitive information, disrupt network traffic, or even launch further attacks.

F5 credits myst404 (@myst404_) from Almond for discovering and responsibly disclosing this vulnerability. The researcher has also published the technical details and a proof-of-concept exploit for this flaw.

F5 acknowledges that mitigating this vulnerability is challenging, as it involves legitimate, authenticated users. “As this attack is conducted by legitimate, authenticated users, there is no viable mitigation that also allows users access to the Configuration utility or command line through SSH,” the advisory explains. The primary recommendation is to restrict access to the Configuration utility and SSH to only completely trusted users and networks.

F5 has released updated versions of BIG-IP that address this vulnerability. Organizations using affected versions are strongly urged to update their systems to the latest fixed versions as soon as possible. Temporary mitigations, such as blocking access to the Configuration utility and SSH through self IP addresses or the management interface, can be implemented until updates are applied.
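
The temporary mitigation above can be checked with an audit script, added here as an example that is not from F5 or the original article: it reads self IP stanzas and lists those whose port lockdown still leaves the Configuration utility (TCP 443) or SSH (TCP 22) reachable. The sample config is constructed, and the stanza layout and the treatment of `default` and `all` as including both ports are assumptions of this example.

```python
import re

# Constructed sample in the style of `tmsh list net self` output; names and
# addresses are made up, and the stanza layout is an assumption of this example.
SAMPLE_CONFIG = """\
net self ext_self {
    address 203.0.113.10/24
    allow-service {
        default
    }
}
net self int_self {
    address 10.1.1.10/24
    allow-service {
        tcp:443
        tcp:22
    }
}
net self ha_self {
    address 10.2.2.10/24
    allow-service {
        udp:1026
    }
}
net self dmz_self {
    address 10.3.3.10/24
    allow-service none
}
"""

# Port lockdown entries that leave the Configuration utility (443) or SSH (22)
# reachable. Assumption: the "default" and "all" settings both include them.
RISKY = {"tcp:443", "tcp:https", "tcp:22", "tcp:ssh", "default", "all"}

def parse_self_ips(text):
    """Map each self IP name to its set of allow-service entries."""
    result = {}
    for m in re.finditer(r"^net self (\S+) \{\n(.*?)^\}", text, re.S | re.M):
        block = re.search(r"allow-service\s+\{(.*?)\}", m.group(2), re.S)
        single = re.search(r"allow-service[ \t]+(\w+)[ \t]*$", m.group(2), re.M)
        # Assumption: a stanza with no allow-service line allows nothing.
        result[m.group(1)] = (set(block.group(1).split()) if block
                              else {single.group(1)} if single else {"none"})
    return result

def exposed_self_ips(text):
    """Return {name: sorted risky entries} for self IPs exposing 443 or 22."""
    parsed = parse_self_ips(text)
    return {n: sorted(e & RISKY) for n, e in parsed.items() if e & RISKY}
```

Calling `exposed_self_ips()` on a saved copy of the self IP listing gives the set of self IPs to lock down first while the upgrade is scheduled.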

Source: https://securityonline.info/f5-big-ip-vulnerability-cve-2024-45844-access-control-bypass-risk-poc-available