The vulnerability of the TMOS Shell configuration tool, which is used for managing monitors in the BIG-IP Access Policy Manager, as well as in programs like BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, allows a perpetrator to increase their privileges.

🗓️ 21 Oct 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

TMOS Shell flaw in BIG-IP enables privilege escalation due to no authentication for critical functions.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-45844	16 Oct 202418:03	–	circl
CNNVD	F5 BIG-IP 访问控制错误漏洞	16 Oct 202400:00	–	cnnvd
CVE	CVE-2024-45844	16 Oct 202414:12	–	cve
Cvelist	CVE-2024-45844 BIG-IP monitors vulnerability	16 Oct 202414:12	–	cvelist
EUVD	EUVD-2024-41628	3 Oct 202520:07	–	euvd
F5 Networks	K000140061: BIG-IP monitors vulnerability CVE-2024-45844	16 Oct 202413:28	–	f5
F5 Networks	K000141302: Quarterly Security Notification (October 2024)	16 Oct 202413:36	–	f5
Tenable Nessus	F5 Networks BIG-IP : BIG-IP monitors vulnerability (K000140061)	16 Oct 202400:00	–	nessus
NVD	CVE-2024-45844	16 Oct 202415:15	–	nvd
OSV	CVE-2024-45844	16 Oct 202415:15	–	osv

Vulners

Node

f5_networks,big-ip_access_policy_managerRange<17.1.1.4

f5_networks,big-ip_access_policy_managerRange<16.1.5

f5_networks,big-ip_access_policy_managerRange<15.1.10.5

f5_networks,big-ip_advanced_firewall_managerRange<15.1.10.5

f5_networks,big-ip_advanced_firewall_managerRange<16.1.5

f5_networks,big-ip_advanced_firewall_managerRange<17.1.1.4

f5_networks,big-ip_advanced_web_application_firewallRange<17.1.1.4

f5_networks,big-ip_advanced_web_application_firewallRange<16.1.5

f5_networks,big-ip_advanced_web_application_firewallRange<15.1.10.5

f5_networks,big-ip_analyticsRange<15.1.10.5

f5_networks,big-ip_analyticsRange<16.1.5

f5_networks,big-ip_analyticsRange<17.1.1.4

f5_networks,big-ip_application_acceleration_managerRange<17.1.1.4

f5_networks,big-ip_application_acceleration_managerRange<16.1.5

f5_networks,big-ip_application_acceleration_managerRange<15.1.10.5

f5_networks,big-ip_application_security_managerRange<15.1.10.5

f5_networks,big-ip_application_security_managerRange<16.1.5

f5_networks,big-ip_application_security_managerRange<17.1.1.4

f5_networks,big-ip_application_visibility_and_reporting_(avr)Range<17.1.1.4

f5_networks,big-ip_application_visibility_and_reporting_(avr)Range<16.1.5

f5_networks,big-ip_application_visibility_and_reporting_(avr)Range<15.1.10.5

f5_networks,big-ip_carrier-grade_nat_(cgnat)Range<15.1.10.5

f5_networks,big-ip_carrier-grade_nat_(cgnat)Range<16.1.5

f5_networks,big-ip_carrier-grade_nat_(cgnat)Range<17.1.1.4

f5_networks,big-ip_ddos_hybrid_defenderRange<17.1.1.4

f5_networks,big-ip_ddos_hybrid_defenderRange<16.1.5

f5_networks,big-ip_ddos_hybrid_defenderRange<15.1.10.5

f5_networks,big-ip_domain_name_systemRange<15.1.10.5

f5_networks,big-ip_domain_name_systemRange<16.1.5

f5_networks,big-ip_domain_name_systemRange<17.1.1.4

f5_networks,big-ip_edge_gatewayRange<17.1.1.4

f5_networks,big-ip_edge_gatewayRange<16.1.5

f5_networks,big-ip_edge_gatewayRange<15.1.10.5

f5_networks,big-ip_fraud_protection_serviceRange<15.1.10.5

f5_networks,big-ip_fraud_protection_serviceRange<16.1.5

f5_networks,big-ip_fraud_protection_serviceRange<17.1.1.4

f5_networks,big-ip_global_traffic_managerRange<17.1.1.4

f5_networks,big-ip_global_traffic_managerRange<16.1.5

f5_networks,big-ip_global_traffic_managerRange<15.1.10.5

f5_networks,big-ip_link_controllerRange<15.1.10.5

f5_networks,big-ip_link_controllerRange<16.1.5

f5_networks,big-ip_link_controllerRange<17.1.1.4

f5_networks,big-ip_local_traffic_managerRange<17.1.1.4

f5_networks,big-ip_local_traffic_managerRange<16.1.5

f5_networks,big-ip_local_traffic_managerRange<15.1.10.5

f5_networks,big-ip_policy_enforcement_managerRange<15.1.10.5

f5_networks,big-ip_policy_enforcement_managerRange<16.1.5

f5_networks,big-ip_policy_enforcement_managerRange<17.1.1.4

f5_networks,big-ip_ssl_orchestratorRange<17.1.1.4

f5_networks,big-ip_ssl_orchestratorRange<16.1.5

f5_networks,big-ip_ssl_orchestratorRange<15.1.10.5

f5_networks,big-ip_webacceleratorRange<15.1.10.5

f5_networks,big-ip_webacceleratorRange<16.1.5

f5_networks,big-ip_webacceleratorRange<17.1.1.4

f5_networks,big-ip_websafeRange<17.1.1.4

f5_networks,big-ip_websafeRange<16.1.5

f5_networks,big-ip_websafeRange<15.1.10.5

Source	Link
my	www.my.f5.com/manage/s/article/K000140061
offsec	www.offsec.almond.consulting/privilege-escalation-f5-CVE-2024-45844.html
web	www.web.nvd.nist.gov/view/vuln/detail

21 Oct 2024 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 37.2

CVSS 29

EPSS0.10582