Forum Discussion
JasonTheF5Guy
Nimbostratus
NimbostratusHow do I figure out if F5 has an attack signature or threat campaign for a given vulnerability?
Given the recent Ivanti vulnerabilities I'm wondering if F5 has released any pertinent attack signatures and/or threat campaigns to help me defend against these vulnerabilities. However I'm not findi...
Hi JasonTheF5Guy ,
I see the mentioned CVEs are related to ivanti :
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46805
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21887
So if you have any solution related to ivanti ( x pulse secure ) you can check and apply the needed workarounds.
F5 announces each quarter all found CVEs and sometimes doesn't wait for each quarter in case of urgent or critical CVEs, thus I don't see any relatively to F5.
Thanks
JasonTheF5GuyYes, these are Ivanti related CVE's.
It's possible to protect an Ivanti solution by putting it behind an LTM/ASM and configuring a security policy within ASM. If somebody had done that then I'm wondering if F5 has a web site where I can quickly search for a given CVE (or some other vulnerability) and see if there is either a pre-packaged attack signature or threat campaign formulated to protect against that given vulnerability.