Details
A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger denial of service condition on the targeted system.
Note:
No patch is currently available for CVE-2023-4408 of the affected products.
Impact
- Denial of Service
System / Technologies affected
BIG-IP (all modules)
- 17.1.0 – 17.1.1
- 16.1.0 – 16.1.4
- 15.1.0 – 15.1.10
BIG-IQ Centralized Management
- 8.1.0 – 8.3.0
Solutions
Apply workarounds issued by the vendor:
Workaround:
Reduce the vulnerability of attacks by following workaround:
- Ensuring that TCP/UDP port 53 is not allowed as a default service (allow-service default)
- Disabling the Use BIND Server on BIG-IP option in the DNS profile
Vulnerability Identifier
- CVE-2024-4408
Reference
https://www.hkcert.org/security-bulletin/f5-big-ip-denial-of-service-vulnerability_20240326