CVE-2024-31156

8.0 HIGH

📋 TL;DR

This stored XSS vulnerability in the BIG-IP Configuration utility allows an authenticated attacker to inject malicious JavaScript that executes in the browser of legitimate users who later view the compromised page. It affects BIG-IP systems running supported software versions and can enable session hijacking, credential theft, or unauthorized configuration changes.

💻 Affected Systems

Products:
  • F5 BIG-IP
Versions: Specific versions not disclosed in public description; check F5 advisory for affected versions
Operating Systems: F5 TMOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects supported software versions (not EoTS). Requires authenticated access to Configuration utility.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker gains administrative control of the BIG-IP system, modifies network configurations, intercepts all traffic, or deploys persistent backdoors across the network infrastructure.

🟠 Likely Case: Attacker steals administrator session cookies, gains unauthorized access to the Configuration utility, and modifies load balancing rules or SSL/TLS settings.

🟢 If Mitigated: Attack is limited to an isolated administrative interface with no lateral movement, due to network segmentation and strict access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires attacker to have authenticated access to Configuration utility or compromise legitimate user credentials first.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check F5 advisory K000138636 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000138636

Restart Required: Yes

Instructions:

1. Log into the F5 Support site
2. Download the appropriate fixed version for your BIG-IP model
3. Back up the configuration
4. Install the update via the Configuration utility or CLI
5. Reboot the system as required

🔧 Temporary Workarounds

Restrict Configuration Utility Access (applies to: all)
  • Limit access to the BIG-IP Configuration utility to trusted IP addresses only
  • Configure firewall rules to restrict access to the BIG-IP management IP/ports

Implement WAF Protection (applies to: all)
  • Deploy a web application firewall with XSS protection rules
  • Configure an ASM policy with XSS attack signatures enabled

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate BIG-IP management interfaces
  • Enforce multi-factor authentication for all BIG-IP administrative accounts

🔍 How to Verify

Check if Vulnerable:

Check BIG-IP version against affected versions in F5 advisory K000138636

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify installed version matches or exceeds fixed version from F5 advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript payloads in Configuration utility access logs
  • Multiple failed login attempts followed by successful login

Network Indicators:

  • Unexpected connections to BIG-IP management interface from unusual IPs
  • Suspicious outbound connections from BIG-IP system

SIEM Query:

source="bigip_logs" AND ("script" OR "javascript" OR "<script") AND uri="*Configuration*"
