CVE-2024-45844

Missing Authentication for Critical Function (CWE-306)

Published: Oct 16, 2024 / Updated: 34d ago

CVSS 8.6 / EPSS 0.04% / High

Summary

BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. This vulnerability is related to missing authentication for critical functions.

Impact

An attacker could potentially bypass access control restrictions on BIG-IP systems, regardless of port lockdown settings. This could lead to unauthorized access to critical functions, potentially compromising the confidentiality, integrity, and availability of the affected system. The vulnerability has a CVSS v3.1 base score of 7.2 (High) and a CVSS v4.0 base score of 8.6 (High), indicating a significant potential impact.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

The vulnerability data does not provide specific information about available patches. However, it mentions that software versions which have reached End of Technical Support (EoTS) are not evaluated. This suggests that users should ensure they are running a supported version of BIG-IP software and apply any available security updates from F5.

Mitigation

1. Ensure BIG-IP systems are running on the latest supported version and apply any security patches provided by F5.
2. Implement strong access controls and authentication mechanisms for all critical functions.
3. Regularly review and update port lockdown settings.
4. Monitor systems for any suspicious activities or unauthorized access attempts.
5. Implement network segmentation to limit the potential impact of a successful exploit.
6. Follow the principle of least privilege for all user and service accounts.
7. Stay informed about any future updates or patches released by F5 regarding this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-45844

Oct 16, 2024 at 3:15 PM

CVSS

A CVSS base score of 7.2 has been assigned.

Oct 16, 2024 at 3:20 PM / nvd

First Article

Feedly found the first article mentioning CVE-2024-45844.

Oct 16, 2024 at 3:24 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 16, 2024 at 3:24 PM

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 17, 2024 at 12:26 AM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (209162)

Oct 17, 2024 at 1:15 AM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 17, 2024 at 10:04 AM

Threat Intelligence Report

CVE-2024-45844 is a privilege escalation vulnerability that has been identified, with prior research by Ron Bowes on MCP messages aiding in its understanding and exploitation. The criticality, CVSS score, exploitation in the wild, proof-of-concept exploits, mitigations, detections, patches, and potential downstream impacts on third-party vendors or technology are not specified in the provided information. Further investigation is recommended to assess the full scope and implications of this vulnerability.

Oct 17, 2024 at 11:28 AM

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 17, 2024 at 11:28 AM

Affected Systems

F5/big-ip

Attack Patterns

CAPEC-12: Choosing Message Identifier

References

In-depth analysis of F5 BIG-IP internals: the CVE-2024-45844 privilege escalation vulnerability revealed
From a security point of view, it means that any attacker able to send a MCP message can, for example, create a new root-level account, change any user's role, or modify any user's password. By using the script in the refreshing-mcp-tool repository or by sending a network request like shown below, it is easy to perform a privilege escalation and become administrator.
CVE-2024-45844: Privilege escalation in F5 BIG-IP
Last Week in Security - 2024-10-21
DLL Sideloading - This blog discusses the concept of DLL Sideloading as a technique to execute custom malicious code from legitimate Windows binaries, providing details on how to detect vulnerabilities and exploit the technique. The post provides detailed lab setups, methods of exploitation, and tools like Bloodhound, Net RPC, and Powerview to demonstrate how attackers can abuse these permissions to gain domain dominance and compromise Active Directory systems.

News

cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce - exploiting LLM
https://blackwinghq.com/blog/posts/finding-vulnerability-variants-at-scale/ - hunting bug classes at scale with variant analysis
CPAI-2024-1016
The post CPAI-2024-1016 appeared first on Check Point Software.
CVE-2024-45844: Privilege escalation in F5 BIG-IP
https://offsec.almond.consulting/privilege-escalation-f5-CVE-2024-45844.html

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
