Severity Level: High
Title:
Vulnerability in F5 BIG-IP
Summary:
Vulnerability Details:
• CVE-2024-45844 - High/8.6 (CVSS v4.0)
• BIG-IP monitor functionality may allow an authenticated attacker with at least Manager role privileges to elevate their privileges and/or modify the configuration.
• Impact:
  o Allows privilege escalation for authenticated users.
  o Compromises the control plane without exposing the data plane.
  o Classified as CWE-306: Missing Authentication for Critical Function
Recommendations:
• Upgrade all affected BIG-IP systems to the latest versions that include security patches.
• Conduct an audit of user roles and permissions, ensuring that only necessary personnel have Manager role access.
• Monitor system logs for unusual activities or unauthorized access attempts.
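One way to carry out the role audit recommended above, as an added example that is not part of the original advisory or F5's own tooling. It assumes a saved JSON user listing in the shape returned by the iControl REST endpoint /mgmt/tm/auth/user; the set of roles treated as "at least Manager", the approved-user list and all sample accounts are assumptions constructed for illustration.

```python
import json

# Assumption: roles counted as "at least Manager"; adjust to your own role model.
ELEVATED_ROLES = {"manager", "resource-admin", "admin"}

# Constructed sample shaped like a GET /mgmt/tm/auth/user response.
# Every account name and partition below is made up.
SAMPLE = json.dumps({"items": [
    {"name": "admin",
     "partitionAccess": [{"name": "all-partitions", "role": "admin"}]},
    {"name": "svc-monitor",
     "partitionAccess": [{"name": "Common", "role": "manager"}]},
    {"name": "jdoe",
     "partitionAccess": [{"name": "Common", "role": "operator"},
                         {"name": "dmz", "role": "manager"}]},
    {"name": "readonly",
     "partitionAccess": [{"name": "all-partitions", "role": "guest"}]},
    {"name": "legacy"},  # entry with no partitionAccess key at all
]})


def elevated_users(listing_json, approved):
    """Return sorted (user, partition, role, is_approved) for each elevated grant."""
    findings = []
    for user in json.loads(listing_json).get("items", []):
        # A user can hold different roles on different partitions; check each grant.
        for grant in user.get("partitionAccess", []):
            role = grant.get("role", "").lower()
            if role in ELEVATED_ROLES:
                findings.append((user["name"], grant.get("name", "?"),
                                 role, user["name"] in approved))
    return sorted(findings)


def unapproved(listing_json, approved):
    """Names holding an elevated role that are not on the approved list."""
    return sorted({u for u, _, _, ok in elevated_users(listing_json, approved)
                   if not ok})


if __name__ == "__main__":
    for user, part, role, ok in elevated_users(SAMPLE, {"admin"}):
        status = "approved" if ok else "REVIEW"
        print(f"{status:8} {user:12} {role:14} partition={part}")
```

Checking every partition grant matters because an account that is only an operator on one partition can still hold Manager on another.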