Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Two vulnerabilities have been discovered in BIG-IP, which are associated with Insufficient Session Fixation and Expired Pointer Dereference.

These vulnerabilities have been assigned to CVE-2024-39809 and CVE-2024-39792, and the severity was given as 7.5 (High).

These vulnerabilities affect BIG-IP Next Central Manager and NGINX MQTT (Message Queuing Telemetry Transport). F5 has addressed them and published security advisories.

Multiple F5 Vulnerabilities

CVE-2024-39809: BIG-IP Next Central Manager Vulnerability

This vulnerability exists because the user session refresh token does not expire when the user logs out.

A threat actor with access to a user’s session can use the session to access BIG-IP Next Central Manager and systems managed by BIG-IP Next Central Manager from which the user has logged out.

This vulnerability affects BIG-IP Next Central Manager version 20.1.0 and has been fixed in version 20.2.0. The vulnerable component of this product has been identified as webUI.
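
The flaw class described above (a refresh token that stays valid after logout), shown beside the server-side fix, as an added example that is not F5's code. It is a simplified model: the `SessionStore` class, its methods and the `admin` user are assumptions made for illustration.

```python
import hashlib
import secrets


class SessionStore:
    """Toy token service; revoke_on_logout=False models the reported flaw."""

    def __init__(self, revoke_on_logout):
        self.revoke_on_logout = revoke_on_logout
        self.refresh_tokens = {}   # sha256(refresh token) -> username
        self.access_tokens = {}    # access token -> username

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue_access(self, user):
        access = secrets.token_urlsafe(32)
        self.access_tokens[access] = user
        return access

    def login(self, user):
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[self._digest(refresh)] = user
        return self._issue_access(user), refresh

    def refresh(self, refresh_token):
        """Return a new access token, or None if the refresh token is unknown."""
        user = self.refresh_tokens.get(self._digest(refresh_token))
        return self._issue_access(user) if user else None

    def logout(self, access_token):
        user = self.access_tokens.pop(access_token, None)
        if user is None or not self.revoke_on_logout:
            return  # flawed path: refresh tokens outlive the logout
        # Hardened path (design choice here): drop every token of this user.
        self.refresh_tokens = {d: u for d, u in self.refresh_tokens.items() if u != user}
        self.access_tokens = {t: u for t, u in self.access_tokens.items() if u != user}


def refresh_survives_logout(revoke_on_logout):
    """True if a refresh token copied before logout still mints access tokens."""
    store = SessionStore(revoke_on_logout)
    access, refresh = store.login("admin")  # constructed sample user
    store.logout(access)
    return store.refresh(refresh) is not None
```
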

CVE-2024-39792: NGINX Plus MQTT vulnerability

This vulnerability arises when NGINX Plus is configured to use the MQTT filter module, during which undisclosed requests can increase memory resource utilization.

This vulnerability allows a remote, unauthenticated threat actor to cause a degradation of service that can lead to denial-of-service conditions for NGINX.

System performance can degrade unless the NGINX master and worker processes are forced to restart and/or manually restarted.

The vulnerable component of this product has been identified as ngx_stream_mqtt_filter_module.

Affected Products And Fixed In Version

| Product | Branch | Versions known to be vulnerable | Fixes introduced in | Severity/CVSS score | Vulnerable component or feature |
|---|---|---|---|---|---|
| BIG-IP Next Central Manager | 20.x | 20.1.0 | 20.2.0 | High/7.5 (CVSS v3.1), High/8.9 (CVSS v4.0) | webUI |
| NGINX Plus | R3x | R30 – R32 | R32 P1, R31 P3 | High/7.5 (CVSS v3.1), High/8.7 (CVSS v4.0) | ngx_stream_mqtt_filter_module module |

F5 has recommended that users upgrade their products to the latest versions to prevent threat actors from exploiting these vulnerabilities.