
Updates have been issued by F5 to address a pair of flaws impacting its BIG-IP and BIG-IQ offerings, Security Affairs reports.
Attackers with at least “manager” privileges could leverage the BIG-IP vulnerability, tracked as CVE-2024-45844, to facilitate privilege escalation and systems compromise, according to an advisory from F5, which urged the immediate application of BIG-IP versions 15.1.10.5, 16.1.5, and 17.1.1.4. “The only mitigation is to remove access for users who are not completely trusted. Until you can install a fixed version, you can use the following sections as temporary mitigations,” F5 said.

The BIG-IQ stored cross-site scripting issue, tracked as CVE-2024-47139, could meanwhile be exploited to run JavaScript in the context of the logged-in user. F5 has advised the adoption of BIG-IQ centralized management versions 8.2.0.1 and 8.3.0 to remediate the bug.

Neither of the bugs, which are control plane issues, is reported to be actively exploited.