F5 BIG-IP ASM/Advanced WAF Memory Resource Vulnerability

CVE: CVE-2024-21789
CVSS (v3.1): 7.5
Source: CVE-2024-21789

F5’s BIG-IP Application Security Manager (ASM) and Advanced Web Application Firewall (WAF) are designed to protect web applications from common exploits and vulnerabilities. However, researchers discovered a vulnerability that could allow attackers to consume more memory resources than expected on devices where these features are configured.

The vulnerability, tracked as CVE-2024-21789, has a CVSS score of 7.5 out of 10. It occurs when undisclosed requests are made to a virtual server that has an ASM/WAF security policy configured. This can cause an increase in memory utilization on the affected device. Attackers could potentially leverage this to degrade performance or even cause a denial of service.

While details of the vulnerability are undisclosed, it appears that malformed or unexpected requests to the virtual server are not handled properly by ASM/WAF, so memory consumption grows beyond what the number of connections or requests would warrant. With enough traffic, an attacker may be able to exhaust available memory.

The best way for F5 BIG-IP users to protect themselves is to ensure their devices run the latest software version, which should include a fix for this issue. Those who can no longer receive updates because their version has reached end of support should consider upgrading to a current version or contacting F5 for alternative mitigation advice. Keeping software up to date is crucial for avoiding known vulnerabilities.
