A vulnerability, which was classified as critical, has been found in F5 BIG-IP Advanced WAF and BIG-IP ASM 17.1.0 (Firewall Software). This issue affects an unknown part of the component Request Body Handler. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability. The summary by CVE is:

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

The weakness was published 02/14/2024 as K000137416. The advisory is shared at my.f5.com. The identification of this vulnerability is CVE-2024-23308 since 02/01/2024. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 02/14/2024).

Upgrading to version 17.1.1 eliminates this vulnerability.

Similar entries are available at VDB-194860, VDB-194861, VDB-195893 and VDB-201523.

Productinfo

Type

• Firewall Software

Vendor

• F5

Name

• BIG-IP Advanced WAF
• BIG-IP ASM

Version

• 17.1.0

License

• commercial

CPE 2.3info

• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion