Wednesday, 16 April 2025

F5 Products Multiple Vulnerabilities

Release Date: 16 Apr 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 products. An attacker can exploit these vulnerabilities to trigger sensitive information disclosure and a denial of service condition on the targeted system.

 

Note:

No patch is currently available for CVE-2023-42795 and CVE-2024-11187 of the affected products. Hence, the risk level is rated as High Risk.


Impact

  • Denial of Service
  • Information Disclosure

System / Technologies affected

BIG-IP (all modules)

  • 17.5.0
  • 17.1.0 - 17.1.2
  • 16.1.0 - 16.1.6
  • 15.1.0 - 15.1.10

 

Traffix SDC

  • 5.2.0
  • 5.1.0

 


Solutions

Workaround:

Mitigate the risk of attack by applying the following workarounds:

For CVE-2023-42795:

 

  1. Block iControl REST access through the self IP address.
  2. Block iControl REST access through the management interface. 

Please visit the vendor website for more details.

 

Apply workarounds issued by the vendor:

 

For CVE-2024-11187:

 

  1. Limit the amount of information included in DNS responses by modifying the 'named.conf' file and setting 'minimal-responses' to 'yes'.

Please visit the vendor website for more details.
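One way to verify that the CVE-2024-11187 workaround is actually in effect is to audit the 'named.conf' text for a live (uncommented) 'minimal-responses yes' statement. The following is an added example, not code from the advisory or from F5; the function names and the sample configurations are constructed for illustration.

```python
import re

# Quoted strings, then the three comment styles named.conf accepts.
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_STMT = re.compile(r"(?<![\w-])minimal-responses\s+([\w-]+)\s*;")

def normalize(text):
    """Drop comments and empty string literals so only live statements remain."""
    return _TOKEN.sub(lambda m: '""' if m.group(0)[0] == '"' else " ", text)

def options_block(text):
    """Return the body of the options { ... } statement, or None if absent."""
    m = re.search(r"(?<![\w-])options\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces

def audit(conf_text):
    """Return (compliant, findings) for the 'minimal-responses yes' workaround."""
    text = normalize(conf_text)
    findings = []
    if not _STMT.findall(options_block(text) or ""):
        findings.append("options: minimal-responses not set")
    # Strict to the advisory's wording: any value other than 'yes' is flagged,
    # including per-view statements that override the options block.
    for value in _STMT.findall(text):
        if value != "yes":
            findings.append(f"minimal-responses is '{value}', expected 'yes'")
    return (not findings, findings)

# Constructed sample configurations (not taken from a real device).
WEAK = 'options {\n  directory "/var/named"; // sample\n  # minimal-responses yes;\n};\n'
HARDENED = 'options {\n  directory "/var/named";\n  minimal-responses yes; /* set */\n};\n'
OVERRIDE = HARDENED + 'view "internal" { minimal-responses no; };\n'

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED), ("OVERRIDE", OVERRIDE)):
        print(name, audit(conf))
```

The WEAK sample fails because its only 'minimal-responses' line is commented out, and OVERRIDE fails because a view-level statement undoes the setting made in the options block.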

 

Apply workarounds issued by the vendor:

Vulnerability Identifier

Source

Related Link
