#VU89329 Origin validation error in BIG-IP APM and APM Clients - CVE-2024-28883

Cybersecurity Help s.r.o.

Published: 2024-05-10

Vulnerability identifier: #VU89329

Vulnerability risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-28883

CWE-ID: CWE-346

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BIG-IP APM
Hardware solutions / Security hardware applicances
APM Clients
Hardware solutions / Security hardware applicances

Vendor: F5 Networks

Description

The vulnerability allows a remote attacker to bypass endpoint inspection.

The vulnerability exists due to origin validation error in the BIG-IP APM browser network access VPN client. A remote attacker with ability to perform MitM attack can bypass endpoint inspection and establish a network access (VPN) connection with a BIG-IP APM system.

This vulnerability specifically affects the BIG-IP APM browser network access VPN client when the BIG-IP APM access policy is configured with an endpoint inspection item in the Visual Policy Editor (VPE), Endpoint Security (client or server).

BIG-IP Edge Client/F5 Access/CLI and other clients are not affected.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

BIG-IP APM: before 15.1.10.3

APM Clients: before 7.2.4.4

External links
https://my.f5.com/manage/s/article/K000138744

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Security restrictions bypass in F5 BIG-IP APM and APM Clients