Main Vulnerability Database Exploits ID:10623 - Exploit for Missing Authentication for Critical Function in BIG-IP - CVE-2024-45844

ID:10623 - Exploit for Missing Authentication for Critical Function in BIG-IP - CVE-2024-45844

Published: October 18, 2024

Vulnerability identifier: #VU98758

Vulnerability risk: Low

CVE-ID: CVE-2024-45844

CWE-ID: CWE-306

Exploitation vector: Remote access

Vulnerable software:
BIG-IP

Link to public exploit:

https://offsec.almond.consulting/privilege-escalation-f5-CVE-2024-45844.html

Vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to missing authentication for critical function within the BIG-IP monitor functionality. A remote user with access to the Configuration utility or TMOS Shell (tmsh) can escalate privileges and compromise the BIG-IP system.

Remediation

Install updates from vendor's website.

ID:10623 - Exploit for Missing Authentication for Critical Function in BIG-IP - CVE-2024-45844

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human