F5 fixes pair of product vulnerabilities




Updates have been issued by F5 to address a pair of flaws impacting its BIG-IP and BIG-IQ offerings, Security Affairs reports.

Attackers with at least “manager” privileges could leverage the BIG-IP vulnerability, tracked as CVE-2024-45844, to facilitate privilege escalation and systems compromise, according to an advisory from F5, which urged the immediate application of BIG-IP versions 15.1.10.5, 16.1.5, and 17.1.1.4. “The only mitigation is to remove access for users who are not completely trusted. Until you can install a fixed version, you can use the following sections as temporary mitigations,” F5 said.

The BIG-IQ stored cross-site scripting issue, tracked as CVE-2024-47139, could be exploited to execute JavaScript in the context of the logged-in user. F5 has advised the adoption of BIG-IQ centralized management versions 8.2.0.1 and 8.3.0 to remediate the bug. Neither of the bugs, both of which are control plane issues, is reported to be actively exploited.


