August 20, 2024 at 07:18AM
In August 2024, F5 released patches for nine vulnerabilities, including high-severity flaws in BIG-IP and NGINX Plus. The most severe issue, CVE-2024-39809, impacts BIG-IP Next Central Manager, allowing attackers to access systems after user logout. F5 also addressed CVE-2024-39778, CVE-2024-39792, and CVE-2024-41727, as well as five medium-severity flaws. Mitigation actions are provided.
From the provided meeting notes, it is clear that F5 has announced the release of patches for several vulnerabilities affecting their products. The most severe of these issues is CVE-2024-39809, impacting BIG-IP Next Central Manager, which is an insufficient session expiration bug that allows an attacker to continue accessing systems even after the user has logged out. This affects BIG-IP Next Central Manager version 20.1.0 and was addressed with the release of version 20.2.0.
Another high-severity bug, CVE-2024-39778, impacts BIG-IP versions 15.x, 16.x, and 17.x, causing disruption to traffic and leading to a denial-of-service (DoS) condition. This was addressed with the release of versions 16.1.5 and 17.1.1, and can be mitigated by configuring the virtual server to Standard and changing the Idle Timeout value of the associated UDP profile to use Immediate.
NGINX Plus instances configured to use the MQTT filter module are affected by CVE-2024-39792, causing an increase in resource utilization and potentially leading to performance degradation. This was resolved in NGINX Plus versions R32 P1 and R31 P3, and can be mitigated by disabling the MQTT filter module.
Furthermore, F5 has disclosed a high-severity flaw, CVE-2024-41727, impacting BIG-IP tenants running on r2000 and r4000 series hardware, and BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC. This vulnerability can be exploited to degrade the service until the TMM process is forced to restart, causing a DoS condition. The issue was addressed with the release of version 16.1.5 of the appliance.
Additionally, F5 has also announced fixes for five medium-severity flaws in BIG-IP and NGINX (Plus and Open Source) that could lead to various security issues, including DoS conditions and account lockout.
It is worth noting that F5 has mentioned that none of these vulnerabilities have been exploited in the wild. More information can be found in F5’s quarterly security notification.