F5 BIG-IP Users Beware: Critical Websockets Vulnerability Leaves Systems Exposed

CVECVE-2024-21849
CVSScvssV3_1: 7.5
SourceCVE-2024-21849

A critical vulnerability has been discovered in F5 BIG-IP load balancers and application delivery controllers that could allow remote attackers to crash the Traffic Management Microkernel (TMM) process.

The vulnerability, tracked as CVE-2024-21849, receives a CVSS score of 7.5 out of 10 due to its potential impact. It arises due to a lack of proper validation of undisclosed traffic when both an Advanced WAF/ASM security policy and a Websockets profile are configured on the virtual server.

Attackers could exploit this by crafting special packets and sending them to the targeted BIG-IP device. As the TMM process fails to properly handle this invalid traffic, it could cause the process to terminate unexpectedly. This would lead to disruption of network services and applications hosted on the BIG-IP.

F5 BIG-IP users are urged to apply the necessary software updates to patch this vulnerability as soon as possible. Administrators should also ensure they have the latest Advanced WAF/ASM security policies and Websockets profiles configured as per best practices. Applying the principle of least privilege is also recommended to limit potential damage from such attacks.

While details of the vulnerability are undisclosed, taking prompt action to patch and tighten security measures can help network operators protect their BIG-IP devices and hosted infrastructure from exploitation of this critical remote code execution vulnerability.

References