my.f5.com
35.158.127.53  Public Scan

URL: https://my.f5.com/manage/s/article/K000140552
Submission: On August 21 via api from IL — Scanned from IL

Form analysis 1 forms found in the DOM

POST

<form id="fileUploadForm" enctype="multipart/form-data" method="post" target="fileUploadIframe"><input type="file" id="fileSelector" name="file" style="display: none;"><input name="filename" type="hidden"></form>

Text Content

Security Advisory


K000140552: QUARTERLY SECURITY NOTIFICATION (AUGUST 2024)

Published Date: Aug 14, 2024
Updated Date: Aug 14, 2024
Security Advisory Description

On August 14, 2024, F5 announced the following security issues. This document is
intended to serve as an overview of these vulnerabilities and security exposures
to help determine the impact to your F5 devices. You can find the details of
each issue in the associated articles.

You can watch the August 2024 Quarterly Security Notification briefing by
DevCentral in the following video:




High CVEs

| Article (CVE) | CVSS score¹ | Affected products | Affected versions² | Fixes introduced in |
|---|---|---|---|---|
| K000140111: BIG-IP Next Central Manager vulnerability CVE-2024-39809 | 7.5 (CVSS v3.1); 8.9 (CVSS v4.0) | BIG-IP Next Central Manager | 20.1.0 | 20.2.0 |
| K05710614: BIG-IP HSB vulnerability CVE-2024-39778 | 7.5 (CVSS v3.1); 8.7 (CVSS v4.0) | BIG-IP (all modules) | 17.1.0; 16.1.0 - 16.1.4; 15.1.0 - 15.1.10 | 17.1.1; 16.1.5 |
| K000140108: NGINX Plus MQTT vulnerability CVE-2024-39792 | 7.5 (CVSS v3.1); 8.7 (CVSS v4.0) | NGINX Plus | R30 - R32 | R32 P1; R31 P3 |
| K000138833: BIG-IP TMM vulnerability CVE-2024-41727 | 7.5 (CVSS v3.1); 8.7 (CVSS v4.0) | BIG-IP (all modules) | 16.1.0 - 16.1.4; 15.1.0 - 15.1.10 | 16.1.5 |

¹ Starting with the August 2024 Quarterly Security Notification, F5 will provide
the CVSS v4.0 base score in addition to the CVSS v3.1 score, for first-party
security issues only. For more information about how F5 uses CVSS v4.0, refer to
K000140363: Overview of CVSS v4.0 in F5 security advisories.

² F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

Medium CVEs

| Article (CVE) | CVSS score¹ | Affected products | Affected versions² | Fixes introduced in |
|---|---|---|---|---|
| K000138477: BIG-IP MPTCP vulnerability CVE-2024-41164 | 5.9 (CVSS v3.1); 8.2 (CVSS v4.0) | BIG-IP Next SPK | 1.7.0 - 1.8.2 | 1.9.0 |
| | | BIG-IP Next CNF | 1.1.0 - 1.1.1 | 1.2.0 |
| | | BIG-IP (all modules) | 17.1.0; 16.1.0 - 16.1.4; 15.1.0 - 15.1.9 | 17.1.1; 16.1.5; 15.1.10 |
| K000139938: BIG-IP Next Central Manager vulnerability CVE-2024-37028 | 5.3 (CVSS v3.1); 6.3 (CVSS v4.0) | BIG-IP Next Central Manager | 20.1.0 - 20.2.0 | 20.2.1 |
| K000140529: NGINX ngx_http_mp4_module vulnerability CVE-2024-7347 | 4.7 (CVSS v3.1); 5.7 (CVSS v4.0) | NGINX Plus | R27 - R32 | R32 P1; R31 P3 |
| | | NGINX Open Source | 1.5.13 - 1.26.1 | 1.27.1; 1.26.2 |
| K10438187: BIG-IP iControl REST vulnerability CVE-2024-41723 | 4.3 (CVSS v3.1); 5.3 (CVSS v4.0) | BIG-IP (all modules) | 17.1.0; 16.1.0 - 16.1.4; 15.1.0 - 15.1.10 | 17.1.1; 16.1.5 |
| K000140006: BIG-IP Next Central Manager vulnerability CVE-2024-41719 | 4.2 (CVSS v3.1); 5.1 (CVSS v4.0) | BIG-IP Next Central Manager | 20.1.0 - 20.2.0 | 20.2.1 |



RELATED CONTENT

 * K12201527: Overview of Quarterly Security Notifications
 * K67091411: Guidance for Quarterly Security Notifications
 * K84205182: BIG-IP update and upgrade guide | Chapter 1: Guide contents
 * K41942608: Overview of MyF5 security advisory articles
 * K4602: Overview of the F5 security vulnerability response policy
 * K4918: Overview of the F5 critical issue hotfix policy
 * K39757430: F5 product and services lifecycle policy index
 * K9502: BIG-IP hotfix and point release matrix
 * K13123: Managing BIG-IP product hotfixes (11.x - 17.x)
 * K000090258: Download F5 products from MyF5
 * K9970: Subscribing to email notifications regarding F5 products
 * K9957: Creating a custom RSS feed to view new and updated documents
 * K27404821: Using F5 iHealth to diagnose vulnerabilities
 * K000135931: Contact F5 Support

