Cyber Security

Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack

by Esmeralda McKenzie
written by Esmeralda McKenzie
Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack

Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack

Extra than one F5 Flaws Let Attackers Login With Person Session & Reason DoS Assault

Two vulnerabilities had been stumbled on in BIG-IP, which may per chance likely be associated with Insufficient Session Fixation and Expired Pointer Dereference.

These vulnerabilities had been assigned to CVE-2024-39809 and CVE-2024-39792, and the severity used to be given as 7.5 (High).

Moreover, these vulnerabilities had been affecting BIG-IP Subsequent Central Manager and NGINX MQTT (Message Queuing Telemetry Transport). F5 has addressed these vulnerabilities, and security advisories had been revealed.

Extra than one F5 Vulnerabilities

CVE-2024-39809: BIG-IP Subsequent Central Manager Vulnerability

This vulnerability exists for the reason that user session refresh token doesn’t expire when the user logs out.

A threat actor with gain admission to to a user’s session can expend the session to gain admission to BIG-IP Subsequent Central Manager and techniques managed by BIG-IP Subsequent Central Manager from which the user has logged out.

google

Nonetheless, this vulnerability impacts BIG-IP Subsequent Central Manager version 20.1.0 and has been fixed in version 20.2.0. The inclined part of this product has been identified as webUI.

CVE-2024-39792: NGINX Plus MQTT vulnerability

This vulnerability arises when NGINX Plus is configured to expend the MQTT filter module, all during which undisclosed requests can lengthen memory helpful resource utilization.

Additional this vulnerability permits a faraway, unauthenticated threat actor to place of dwelling off a degradation of provider that can result in denial of provider stipulations of NGINX.

Additional, the system performance can degrade except the NGINX master and employee processes are forced to restart and/or manually restarted.

The inclined part of this product has been identified as ngx_stream_mqtt_filter_module.

Affected Products And Mounted In Version

Product Branch Versions identified to be inclined Fixes provided in Severity/CVSS receive Susceptible part or characteristic
BIG-IP Subsequent Central Manager 20.x 20.1.0 20.2.0 High/7.5 (CVSS v3.1) webUI
High/8.9 (CVSS v4.0)
NGINX Plus R3x R30 – R32 R32 P1 High/7.5 (CVSS v3.1) ngx_stream_mqtt_filter_module module
R31 P3 High/8.7 (CVSS v4.0)

F5 has instructed that customers upgrade their merchandise to the most modern versions to forestall threat actors from exploiting these vulnerabilities.

googlenews

RELATED ARTICLESMORE FROM AUTHOR

Roundcube Webmail Vulnerability

Cyber Security

Roundcube Webmail Vulnerability Let Attackers Song Email Opens

png;base64,iVBORw0KGgoAAAANSUhEUgAAANoAAACWAQMAAACCSQSPAAAAA1BMVEWurq51dlI4AAAAAXRSTlMmkutdmwAAABpJREFUWMPtwQENAAAAwiD7p7bHBwwAAAAg7RD+AAGXD7BoAAAAAElFTkSuQmCC

Cyber Security Recordsdata

New Node.js Based mostly LTX Stealer Assault Users to Exfiltrate Login Credentials

png;base64,iVBORw0KGgoAAAANSUhEUgAAANoAAACWAQMAAACCSQSPAAAAA1BMVEWurq51dlI4AAAAAXRSTlMmkutdmwAAABpJREFUWMPtwQENAAAAwiD7p7bHBwwAAAAg7RD+AAGXD7BoAAAAAElFTkSuQmCC

Cyber Security Recordsdata

ScarCruft Abuses Educated Cloud Companies and products for C2 and OLE-basically based mostly Chain to Tumble Malware

Source credit : cybersecuritynews.com

Related Posts

SparkCat Malware Uses OCR to Extract Crypto Wallet...

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited...

Meta’s Llama Framework Flaw Exposes AI Systems to...

Android’s New Identity Check Feature Locks Device Settings...

2025 State of SaaS Backup and Recovery Report

Over 100 Security Flaws Found in LTE and...

DoJ Indicts 5 Individuals for $866K North Korean...

Palo Alto Firewalls Found Vulnerable to Secure Boot...

QakBot-Linked BC Malware Adds Enhanced Remote Access and...

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity...