Forum Discussion
How do I figure out if F5 has an attack signature or threat campaign for a given vulnerability?
Given the recent Ivanti vulnerabilities, I'm wondering if F5 has released any pertinent attack signatures and/or threat campaigns to help me defend against these vulnerabilities. However, I'm not finding a straightforward answer.
I'm searching for CVE-2023-46805 and CVE-2024-21887 across the F5 sites and nothing helpful is coming up. Is there a search tool that I can use to help me discover quickly if a given vulnerability is remediated by ASM?
Thanks,
Jason
3 Replies
- Hi JasonTheF5Guy,
  I see the mentioned CVEs are related to Ivanti:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46805
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21887
  So if you have any solution related to Ivanti (x Pulse Secure), you can check and apply the needed workarounds.
  F5 announces each quarter all found CVEs and sometimes doesn't wait for each quarter in case of urgent or critical CVEs, thus I don't see any relating to F5.
  Thanks
- JasonTheF5Guy (Nimbostratus): Yes, these are Ivanti-related CVEs. It's possible to protect an Ivanti solution by putting it behind an LTM/ASM and configuring a security policy within ASM. If somebody had done that, then I'm wondering if F5 has a web site where I can quickly search for a given CVE (or some other vulnerability) and see if there is either a pre-packaged attack signature or threat campaign formulated to protect against that given vulnerability.
- JasonTheF5Guy (Nimbostratus): This article explains how to search your attack signatures on the ASM box: https://my.f5.com/manage/s/article/K41207833
  However, I would like to search an F5 site to see if F5 has released a signature to deal with a given CVE that is of concern to my organization. Does such a web site exist?