Two vulnerabilities have been discovered in BIG-IP, which are associated with Insufficient Session Fixation and Expired Pointer Dereference.
These vulnerabilities have been assigned CVE-2024-39809 and CVE-2024-39792, and both are rated 7.5 (High).
They affect BIG-IP Next Central Manager and NGINX MQTT (Message Queuing Telemetry Transport). F5 has addressed these vulnerabilities and published security advisories.
The BIG-IP Next Central Manager vulnerability exists because the user session refresh token does not expire when the user logs out.
A threat actor with access to a user’s session can use the session to access BIG-IP Next Central Manager and systems managed by BIG-IP Next Central Manager from which the user has logged out.
This vulnerability affects BIG-IP Next Central Manager version 20.1.0 and has been fixed in version 20.2.0. The vulnerable component of this product has been identified as webUI.
The NGINX Plus vulnerability arises when NGINX Plus is configured to use the MQTT filter module; in that configuration, undisclosed requests can increase memory resource utilization.
It allows a remote, unauthenticated threat actor to cause a degradation of service that can lead to denial-of-service conditions in NGINX.
System performance can continue to degrade unless the NGINX master and worker processes are forced to restart and/or manually restarted.
The vulnerable component of this product has been identified as ngx_stream_mqtt_filter_module.
Product | Branch | Versions known to be vulnerable | Fixes introduced in | Severity/CVSS score | Vulnerable component or feature |
BIG-IP Next Central Manager | 20.x | 20.1.0 | 20.2.0 | High/7.5 (CVSS v3.1); High/8.9 (CVSS v4.0) | webUI |
NGINX Plus | R3x | R30 – R32 | R32 P1; R31 P3 | High/7.5 (CVSS v3.1); High/8.7 (CVSS v4.0) | ngx_stream_mqtt_filter_module module |
F5 has recommended that users upgrade their products to the latest versions to prevent threat actors from exploiting these vulnerabilities.
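A triage check for the NGINX Plus issue, as an added example that is not from F5 or the original post: it takes the `nginx -v` banner and an `nginx -T` configuration dump and reports whether a host runs an affected release with the MQTT filter enabled. The banner format, the two directive names and the sample input are assumptions; the version ranges come from the table above.

```python
import re

# Fix levels from the table on this page (R32 P1, R31 P3). The table lists no
# fix for R30 itself, so every R30 patch level is treated as vulnerable.
FIXED_PATCH = {32: 1, 31: 3}
AFFECTED = range(30, 33)  # R30 - R32
# Assumption: `nginx -v` on NGINX Plus prints "(nginx-plus-rNN[-pM])".
BANNER_RE = re.compile(r"nginx-plus-r(\d+)(?:-p(\d+))?", re.I)
# Assumption: `mqtt on;` and `mqtt_set_connect` are the filter module's directives.
MQTT_RE = re.compile(r"(?:^|[;{}])\s*(mqtt\s+on|mqtt_set_connect\b[^;]*)\s*;", re.M)

# Constructed sample input, not taken from a real system.
SAMPLE_BANNER = "nginx version: nginx/1.25.5 (nginx-plus-r32)"
SAMPLE_CONFIG = """
stream {
    server {
        listen 1883;
        # mqtt_set_connect username "disabled";
        mqtt on;
        proxy_pass 127.0.0.1:1884;
    }
}
"""

def parse_release(banner):
    """Return (release, patch) from the banner, or None if not NGINX Plus."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def release_is_vulnerable(release, patch):
    if release not in AFFECTED:
        return False
    fixed = FIXED_PATCH.get(release)
    return fixed is None or patch < fixed

def mqtt_filter_directives(config_text):
    # Drop comments so a commented-out directive is not counted.
    stripped = re.sub(r"#[^\n]*", "", config_text)
    return [" ".join(m.group(1).split()) for m in MQTT_RE.finditer(stripped)]

def triage(banner, config_text):
    parsed = parse_release(banner)
    if parsed is None:
        return "not-nginx-plus"
    if not release_is_vulnerable(*parsed):
        return "patched-or-unaffected"
    used = mqtt_filter_directives(config_text)
    return "exposed" if used else "vulnerable-release-filter-unused"

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONFIG))
```

A result of `vulnerable-release-filter-unused` still calls for the upgrade, since enabling the filter later would expose the host.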
The post Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack appeared first on Cyber Security News.