
F5 BIG-IP affected by vulnerability CVE-2024-45844


A critical vulnerability has been identified in F5 BIG-IP that could allow authenticated attackers to bypass access control restrictions and potentially compromise the system.

The vulnerability, tracked as CVE-2024-45844 with a CVSS score of 8.6, exists within the BIG-IP monitor functionality and allows an authenticated attacker with at least Manager role privileges to elevate their privileges and/or modify the configuration. This means that even with port lockdown settings in place, an attacker holding the necessary credentials could exploit this flaw to gain unauthorized access and control.

CVE-2024-45844 affects various versions of F5 BIG-IP across different branches (17.x, 16.x, 15.x). Exploitation could lead to privilege escalation, configuration modification, and complete system compromise. While the vulnerability is limited to the control plane and does not expose the data plane, the potential consequences remain significant.


The only mitigation is to remove access for users who are not completely trusted. Until a fixed version can be installed, temporary mitigations can be applied: restrict access to the BIG-IP Configuration utility and to the command line over SSH so that only trusted networks or devices can reach them, thereby limiting the attack surface.
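As an added example (not code from this post or from F5), a small sh helper that builds and sanity-checks the tmsh commands used to restrict the Configuration utility (httpd) and SSH (sshd) allow-lists to trusted networks; the network values are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post or from F5: generate the tmsh commands that
# restrict the BIG-IP Configuration utility and SSH to trusted networks.
# The "allow" setting of /sys httpd and /sys sshd defaults to "all"; narrowing
# it is the interim mitigation described above, not a fix for CVE-2024-45844.
TRUSTED_NETS="10.10.0.0/24 192.0.2.10"   # constructed: mgmt subnet + jump host

# Accept only dotted-quad IPv4 addresses or CIDR blocks, so that nothing else
# (including the permissive keyword "all") ends up in the generated command.
valid_net() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Print the tmsh commands for the given networks; fail on any invalid entry.
build_allow_cmds() {
  local nets=""
  for n in "$@"; do
    valid_net "$n" || { echo "invalid network: $n" >&2; return 1; }
    nets="$nets $n"
  done
  printf 'tmsh modify /sys httpd allow replace-all-with {%s }\n' "$nets"
  printf 'tmsh modify /sys sshd allow replace-all-with {%s }\n' "$nets"
  printf 'tmsh save /sys config\n'
}

# Commands that display the resulting allow-lists, to confirm the change took.
verify_cmds() {
  printf 'tmsh list /sys httpd allow\ntmsh list /sys sshd allow\n'
}

# Stand-alone use: print the commands for review. Run them on the BIG-IP as an
# administrative user only after checking the list; an incomplete list locks
# administrators out of the management interfaces.
main() {
  # Word-splitting of TRUSTED_NETS is intended here.
  build_allow_cmds $TRUSTED_NETS && verify_cmds
}
main
```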

F5 has released updated versions of BIG-IP that address this vulnerability. Organizations using affected versions are strongly urged to update their systems to the latest fixed versions as soon as possible.

For more information, refer to the official blog
