F5 Product Security Update Advisory

Overview

 

We have released updates to fix vulnerabilities in F5 products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-28883

  • BIG-IP (APM) Version: 17.1.0
  • BIG-IP (APM) Versions: 16.1.0 (inclusive) to 16.1.4 (inclusive)
  • BIG-IP (APM) Versions: 15.1.0 (inclusive) to 15.1.10 (inclusive)
  • APM Clients Versions: 7.2.3 (inclusive) to 7.2.4 (inclusive)

 

CVE-2024-31156

  • BIG-IP (all modules) Versions: 17.1.0 (inclusive) to 17.1.1 (inclusive)
  • BIG-IP (all modules) Versions: 16.1.0 (inclusive) to 16.1.4 (inclusive)
  • BIG-IP (all modules) Versions: 15.1.0 (inclusive) to 15.1.10 (inclusive)

 

Resolved Vulnerabilities

 

Source validation vulnerability in the BIG-IP APM Browser Network Access VPN client (CVE-2024-28883)

XSS vulnerability in an unpublished page in the BIG-IP configuration utility (CVE-2024-31156)

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2024-28883

  • BIG-IP (APM) Version: 17.1.1
  • BIG-IP (APM) Version: 16.1.4.2
  • BIG-IP (APM) Version: 15.1.10.3
  • APM Clients Version: 7.2.4.4

 

CVE-2024-31156

  • BIG-IP (all modules) Version: 17.1.1.3
  • BIG-IP (all modules) Version: 16.1.4.3
  • BIG-IP (all modules) Version: 15.1.10.4

 

Referenced Sites

 

[1] K000138744: BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883

https://my.f5.com/manage/s/article/K000138744

[2] K000138636: BIG-IP Configuration utility XSS vulnerability CVE-2024-31156

https://my.f5.com/manage/s/article/K000138636?utm_source=f5support&utm_medium=RSS