F5 Products Denial of Service Vulnerability

High6

Details

A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger a denial-of-service condition on the targeted system.

Note:

No patch is currently available for CVE-2023-4408 in the affected products.

Impact

  • Denial of Service

System / Technologies affected

BIG-IP (all modules)

  • 17.1.0 – 17.1.1
  • 16.1.0 – 16.1.4
  • 15.1.0 – 15.1.10 

BIG-IQ Centralized Management

  • 8.1.0 – 8.3.0

Solutions

Apply workarounds issued by the vendor:

Workaround:

Reduce exposure to attacks by applying the following workarounds:

  1. Ensure that TCP/UDP port 53 is not allowed as a default service (allow-service default)
  2. Disable the "Use BIND Server on BIG-IP" option in the DNS profile
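
One way to check whether both workaround steps are in place, as an added example that is not from F5 or the original bulletin: the script audits text in the stanza layout of `tmsh list net self` and `tmsh list ltm profile dns`. The sample configuration, its object names, the assumed output layout and the treatment of `allow-service all` as exposing port 53 are assumptions.

```python
import re

# Constructed sample in the assumed stanza layout of `tmsh list net self`
# and `tmsh list ltm profile dns`; all object names are made up.
SAMPLE = """\
net self ext_self {
    allow-service {
        default
    }
}
net self int_self {
    allow-service {
        tcp:443
        udp:53
    }
}
net self mgmt_self {
    allow-service none
}
ltm profile dns dns_edge {
    use-local-bind yes
}
ltm profile dns dns_hardened {
    use-local-bind no
}
"""

# A stanza ends at the first unindented closing brace.
STANZA = re.compile(r"^(net self|ltm profile dns) (\S+) \{\n(.*?)^\}", re.M | re.S)
PORT53 = re.compile(r"(?:tcp|udp):(?:53|domain)")

def audit(config):
    """Return (object, reason) pairs where a workaround step is not applied."""
    findings = []
    for kind, name, body in STANZA.findall(config):
        if kind == "net self":
            m = re.search(r"allow-service\s+(\{.*?\}|\S+)", body, re.S)
            tokens = (m.group(1) if m else "none").strip("{}").split()
            if tokens and tokens[0] in ("default", "all"):
                findings.append((name, f"allow-service {tokens[0]}"))
            elif any(PORT53.fullmatch(t) for t in tokens):
                findings.append((name, "port 53 explicitly allowed"))
        elif re.search(r"^\s*use-local-bind\s+yes\b", body, re.M):
            findings.append((name, "use-local-bind yes"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

A DNS profile whose stanza does not list `use-local-bind` inherits the value from its parent profile, so it is not flagged here and needs a manual check.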

Vulnerability Identifier

  • CVE-2023-4408

Reference

https://www.hkcert.org/security-bulletin/f5-big-ip-denial-of-service-vulnerability_20240326

https://my.f5.com/manage/s/article/K000138990