Security Advisory Description On August 14, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch the August 2024 Quarterly Security Notification briefing by DevCentral in the following video: High CVEs Medium CVEs High CVEs Article (CVE)| CVSS score1| Affected products| Affected versions2| Fixes introduced in —|—|—|—|— K000140111: BIG-IP Next Central Manager vulnerability CVE-2024-39809| 7.5 (CVSS v3.1) 8.9 (CVSS v4.0)| BIG-IP Next Central Manager| 20.1.0| 20.2.0 K05710614: BIG-IP HSB vulnerability CVE-2024-39778| 7.5 (CVSS v3.1) 8.7 (CVSS v4.0)| BIG-IP (all modules)| 17.1.0 16.1.0 – 16.1.4 15.1.0 – 15.1.10| 17.1.1 16.1.5 K000140108: NGINX Plus MQTT vulnerability CVE-2024-39792| 7.5 (CVSS v3.1) 8.7 (CVSS v4.0)| NGINX Plus| R30 – R32| R32 P1 R31 P3 K000138833: BIG-IP TMM vulnerability CVE-2024-41727| 7.5 (CVSS v3.1) 8.7 (CVSS v4.0)| BIG-IP (all modules)| 16.1.0 – 16.1.4 15.1.0 – 15.1.10| 16.1.5 1Starting with the August 2024 Quarterly Security Notification, F5 will provide the CVSS v4.0 base score in addition to the CVSS v3.1 score, for first-party security issues only. For more information about how F5 uses CVSS v4.0, refer to K000140363: Overview of CVSS v4.0 in F5 security advisories. 2F5 evaluates only software versions that have not yet…Read More