CVE-2024-47139

6.8 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in the BIG-IQ Configuration utility allows authenticated administrators to inject malicious JavaScript that executes in other users' browsers. This affects BIG-IQ systems with vulnerable versions, potentially compromising user sessions and administrative functions.

💻 Affected Systems

Products:
  • F5 BIG-IQ Centralized Management
Versions: Specific versions not disclosed in CVE; check F5 advisory K000141080 for affected versions
Operating Systems: F5 BIG-IQ appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects BIG-IQ Configuration utility; requires administrator role for exploitation; versions with End of Technical Support (EoTS) are not evaluated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with administrator credentials could steal session tokens, perform actions as other users, or deploy malware to administrative workstations.

🟠 Likely Case

Privilege escalation within the BIG-IQ system, session hijacking of administrative users, or data exfiltration from the management interface.

🟢 If Mitigated

Limited impact if proper access controls restrict administrator accounts and network segmentation isolates the BIG-IQ management interface.

🌐 Internet-Facing: MEDIUM - If the BIG-IQ Configuration utility is exposed to the internet, exploitation risk increases, though it requires administrator credentials.
🏢 Internal Only: HIGH - Internal administrators with malicious intent or compromised credentials can exploit this to escalate privileges or compromise other administrative sessions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires administrator credentials but XSS exploitation is straightforward once authenticated.

Exploitation requires an authenticated administrator account; stored XSS means payload persists and affects multiple users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check F5 advisory K000141080 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000141080

Restart Required: Yes

Instructions:

1. Review F5 advisory K000141080 for affected and fixed versions.
2. Upgrade BIG-IQ to a patched version as specified in the advisory.
3. Restart the BIG-IQ system after patching.

🔧 Temporary Workarounds

Restrict Administrator Access

Applies to: all

Limit the number of administrator accounts and enforce strong authentication to reduce attack surface.

Network Segmentation

Applies to: all

Isolate the BIG-IQ Configuration utility to trusted networks only, preventing external access.

🧯 If You Can't Patch

  • Implement strict access controls: Use multi-factor authentication for administrator accounts and monitor for suspicious activity.
  • Apply input validation: If possible, configure web application firewalls (WAF) to block XSS payloads targeting the BIG-IQ interface.

🔍 How to Verify

Check if Vulnerable:

Check the BIG-IQ version against the affected versions listed in F5 advisory K000141080.

Check Version:

Log into the BIG-IQ CLI and run 'cat /etc/issue', or check the web interface under System > Configuration > Device.

Verify Fix Applied:

After patching, verify the BIG-IQ version matches or exceeds the fixed version specified in the advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrator login patterns
  • JavaScript payloads in BIG-IQ web logs
  • Unexpected configuration changes

Network Indicators:

  • HTTP requests with suspicious script tags or JavaScript to BIG-IQ management interface

SIEM Query:

Search for web logs from BIG-IQ containing patterns like '<script>', 'javascript:', or encoded XSS payloads.
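The SIEM query described above, as an added example that is not part of the original page or F5's own tooling: a small Python scanner that runs the page's indicator patterns ('<script>', 'javascript:' and their encoded forms) over constructed BIG-IQ web log lines. It URL-decodes and HTML-entity-decodes each line repeatedly before matching so that double-encoded payloads are caught, and it returns a structured list of hits rather than only printing them. The event-handler pattern and the log format are assumptions added here for illustration; the sample log lines are constructed, not real BIG-IQ output.

```python
import re
from html import unescape
from urllib.parse import unquote

# Indicator patterns: '<script>' and 'javascript:' come from the advisory text;
# the inline event-handler pattern is an added heuristic (assumption).
INDICATORS = [
    ("script-tag", re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
]


def normalize(text: str, rounds: int = 3) -> str:
    """URL-decode and HTML-entity-decode until the text stops changing.

    Repeating the decode catches double-encoded payloads such as %253C
    (which decodes to %3C and then to '<'); `rounds` bounds the work.
    """
    for _ in range(rounds):
        decoded = unescape(unquote(text))
        if decoded == text:
            break
        text = decoded
    return text


def scan_line(line: str) -> list:
    """Return the names of every indicator that matches the decoded line."""
    decoded = normalize(line)
    return [name for name, pattern in INDICATORS if pattern.search(decoded)]


def scan_log(lines) -> list:
    """Scan an iterable of log lines; return one finding per matching line."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        hits = scan_line(line)
        if hits:
            findings.append({"line_no": line_no, "indicators": hits, "raw": line})
    return findings


# Constructed sample log lines in a common access-log layout (not real BIG-IQ logs).
# Lines 1-2 are benign; lines 3-5 carry encoded, plain, and double-encoded indicators.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Oct/2024:10:01:22 +0000] "GET /ui/ HTTP/1.1" 200 5123',
    '10.0.0.5 - admin [12/Oct/2024:10:02:40 +0000] "POST /ui/system/ HTTP/1.1" 200 312',
    '10.0.0.9 - admin [12/Oct/2024:10:05:01 +0000] "GET /ui/?name=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 5123',
    '10.0.0.9 - admin [12/Oct/2024:10:05:30 +0000] "GET /ui/?href=javascript:void(0) HTTP/1.1" 200 5123',
    '10.0.0.9 - admin [12/Oct/2024:10:06:11 +0000] "GET /ui/?x=%253Cscript%253E HTTP/1.1" 200 5123',
]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"line {finding['line_no']}: {finding['indicators']}")
        print(f"  {finding['raw']}")
```

Because the BIG-IQ UI legitimately serves JavaScript in responses, run this over request lines (URI, query string, and any logged POST bodies) rather than response bodies, and treat a hit as a triage lead to correlate with the administrator login and configuration-change indicators above rather than as a confirmed attack.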
