CVE-2024-23306

7.1 HIGH

📋 TL;DR

This vulnerability in BIG-IP Next CNF and SPK systems allows unauthorized access to sensitive files that should be protected by access controls. It affects organizations running vulnerable versions of these F5 networking products. The vulnerability stems from insufficient access controls (CWE-522).

💻 Affected Systems

Products:
  • BIG-IP Next CNF
  • BIG-IP Next SPK
Versions: Specific versions not detailed in provided references; check F5 advisory for exact affected versions
Operating Systems: F5 proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects supported versions; systems that have reached End of Technical Support (EoTS) are not evaluated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access highly sensitive configuration files, credentials, or system files, potentially leading to complete system compromise or data exfiltration.

🟠 Likely Case

Unauthorized users accessing sensitive operational files that could reveal system configurations or partial credential information.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to isolated systems with minimal sensitive data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation likely requires some level of access to the system, but complexity appears low based on the CVSS score and the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check F5 advisory K000137886 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000137886

Restart Required: Yes

Instructions:

1. Review F5 advisory K000137886
2. Identify affected systems and versions
3. Download and apply appropriate patches from F5
4. Restart affected services/systems
5. Verify patch application

🔧 Temporary Workarounds

Access Restriction (platform: all)

Implement strict access controls and network segmentation to limit who can reach BIG-IP management interfaces

File Permission Hardening (platform: linux)

Review and tighten file permissions on sensitive directories and files

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks and internet access
  • Implement additional authentication layers and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Compare the system version against the affected versions listed in F5 advisory K000137886

Check Version:

Check BIG-IP Next version through management interface or CLI (specific command varies by deployment)

Verify Fix Applied:

Verify that the system version matches or exceeds the patched versions from F5 advisory K000137886

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file access attempts
  • Access to sensitive file paths outside normal operations
  • Authentication failures followed by file access

Network Indicators:

  • Unusual traffic patterns to management interfaces
  • Access from unexpected source IPs

SIEM Query:

source="big-ip" AND (event_type="file_access" OR event_type="auth_failure") AND sensitive_path="*"
