Updates have been issued by F5 to address a pair of flaws impacting its BIG-IP and BIG-IQ offerings, Security Affairs reports.
Attackers with at least "manager" privileges could leverage the BIG-IP vulnerability, tracked as CVE-2024-45844, to facilitate privilege escalation and systems compromise, according to an advisory from F5, which urged the immediate application of BIG-IP versions 15.1.10.5, 16.1.5, and 17.1.1.4. "The only mitigation is to remove access for users who are not completely trusted. Until you can install a fixed version, you can use the following sections as temporary mitigations," F5 said. On the other hand, the BIG-IQ stored cross-site scripting issue, tracked as CVE-2024-47139, could be exploited to facilitate JavaScript execution under the guise of the logged-in user. F5 has advised the adoption of BIG-IQ centralized management versions 8.2.0.1 and 8.3.0. to remediate the bug. Neither of the bugs, which are control plane issues, are reported to be actively exploited.
