CVE-2024-22093: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

A critical authenticated remote command injection vulnerability (CVE-2024-22093) was discovered in F5 BIG-IP systems running in appliance mode. The vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems and was disclosed on February 14, 2024. The vulnerability affects multiple F5 products including BIG-IP Access Policy Manager, Advanced Firewall Manager, Analytics, and other components in versions 15.1.0-15.1.9, 16.1.0-16.1.4, and 17.1.0 (NVD).

The vulnerability is classified as a command injection flaw (CWE-77) that allows an authenticated attacker to execute unauthorized commands through the iControl REST interface. It received a CVSS v3.1 base score of 9.6 (Critical) from NIST and 8.7 (High) from F5 Networks. The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is changed (S:C) with high impacts on both confidentiality and integrity (C:H, I:H) but no impact on availability (A:N) (NVD).

A successful exploitation of this vulnerability allows an attacker to cross security boundaries and potentially execute unauthorized commands on the affected systems. The vulnerability has high impacts on both system confidentiality and integrity, potentially exposing sensitive information and allowing unauthorized modifications to system data (NVD).

F5 has released security updates to address this vulnerability. Organizations running affected versions should upgrade to the patched versions. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated (F5 Advisory).