CVE-2024-45844

Published Oct 16, 2024

Last updated a month ago

CVSS high 8.6

Overview

Description
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source
f5sirt@f5.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

f5sirt@f5.com
CWE-306

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2024-45844

    @transilienceai

    12 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2024-45844

    @transilienceai

    10 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-45844

    @transilienceai

    8 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-45844

    @transilienceai

    5 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-45844

    @transilienceai

    4 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. #exploit 1. CVE-2024-45844: Privilege escalation in F5 BIG-IP https://t.co/oocgdJ60wM ]-> An implementation of F5's "mcp" protocol, including MitM tooling to sniff traffic while vuln hunting

    @ksg93rd

    31 Oct 2024

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-45844 : Privilege escalation in F5 BIG-IP https://t.co/LhE8FRHzIU https://t.co/ZCEUlyg4pd

    @freedomhack101

    30 Oct 2024

    19 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-45844: Privilege escalation in F5 BIG-IP https://t.co/0Qk7tNjSUF

    @_r_netsec

    29 Oct 2024

    1356 Impressions

    3 Retweets

    10 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  9. F5 BIG-IP の脆弱性 CVE-2024-45844 (CVSS:8.6)​​ が FIX:PoC エクスプロイトも提供 https://t.co/xHSm95C99p #Exploit #F5 #TTP

    @iototsecnews

    28 Oct 2024

    157 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. BIG-IP F5 affected by a vulnerability CVE-2024-45844 #BIGIP #F5 #CVE-2024-45844 https://t.co/phpquxCb2r

    @pravin_karthik

    21 Oct 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2024-45844: Privilege escalation in F5 BIG-IP https://t.co/0Qk7tNjSUF

    @_r_netsec

    1045 Impressions

    2 Retweets

    12 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  12. F5 Networks had published a Quarterly Security Notification on Oct 16th with a High severity vulnerablitiy as follows (CVE-2024-45844): 1. BIG-IP monitor functionality may allow an authenticated attacker with at least Manager role privileges to elevate their privileges and/or… h

    @SGoldshmit

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-45844 alert 🚨 F5 BIG-IP : Privilege escalation allowing users to access restricted data The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec #Patrowl https://t.co/y55

    @Patrowl_io

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-45844: Privilege escalation in F5 BIG-IP - Almond Offensive Security Blog https://t.co/Syvg2WCf53

    @1drewgordon

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️⚠️ F5 BIG-IP Vulnerability (CVE-2024-45844): Access Control Bypass Risk, PoC Available 🔥PoC: https://t.co/M3Aa8dEibc 🎯1.7M+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/pTLpgAh0HY FOFA Query: app="f5-BIGIP"… https://t.co/rzzACSRhM

    @fofabot

    5522 Impressions

    36 Retweets

    96 Likes

    30 Bookmarks

    0 Replies

    1 Quote

  16. CVE-2024-45844 : Privilege escalation vulnerability in BIG-IP https://t.co/LhE8FRHzIU https://t.co/zfUcKg9NI0

    @freedomhack101

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-45844: Privilege escalation in F5 BIG-IP - Almond Offensive Security Blog https://t.co/frvoYPDSUy

    @nuria_imeq

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2024-45844 BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.  Note: Software versions which hav… https://t.co/iKBwkQ2IBb

    @CVEnew

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. New article on F5! A write-up on CVE-2024-45844, a privilege escalation vulnerability in BIG-IP by team member @myst404_ https://t.co/44CishyuHT https://t.co/RQN4ut9Pmu

    @AlmondOffSec

    1693 Impressions

    9 Retweets

    22 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  20. CVE-2024-45844, a privilege escalation vulnerability in BIG-IP https://t.co/P6ibSAeSMp credit: @AlmondOffSec, @myst404_ Patch immediately!!!

    @dusheeno

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References