F5 Products Remote Code Execution Vulnerability

Release Date: 13 Feb 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

No patch is currently available for CVE-2024-9287 of the affected products. Hence, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution

---

System / Technologies affected

BIG-IP Next CNF

• 1.1.0 - 1.4.0

 

BIG-IP Next SPK

• 1.7.0 - 1.9.2

---

Solutions

Workaround:

Mitigate the vulnerability of attacks by following workaround:

 

1. Do not create and use custom Python scripts using the vulnerable venv module

 

Please visit the vendor web-site for more details.

 

Apply workarounds issued by the vendor:

• https://my.f5.com/manage/s/article/K000149756

 

 

---

Vulnerability Identifier

• CVE-2024-9287

---

Source

• F5

---

Related Link

• https://my.f5.com/manage/s/article/K000149756