PT-2024-7020 · F5 · F5 Big-Ip
Myst404
·
Published
2024-10-16
·
Updated
2025-10-21
·
CVE-2024-45844
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions prior to 17.1.1.4
F5 BIG-IP versions prior to 16.1.5
F5 BIG-IP versions prior to 15.1.10.5
Description
The issue is related to the BIG-IP monitor functionality, which may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. This could enable an authenticated attacker with at least Manager role privileges to elevate their privileges and/or make configuration changes. It is estimated that over 1.7 million devices may be affected. The vulnerability is being actively exploited in the wild.
Recommendations
For versions prior to 17.1.1.4, update to version 17.1.1.4 or later.
For versions prior to 16.1.5, update to version 16.1.5 or later.
For versions prior to 15.1.10.5, update to version 15.1.10.5 or later.
Exploit
Fix
LPE
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip