Lucene search

F5CVELIST:CVE-2024-28889

HistoryMay 08, 2024 - 3:01 p.m.

CVE-2024-28889 BIG-IP SSL vulnerability

2024-05-0815:01:26

CWE-825

www.cve.org

ssl profile

alert timeout

virtual server

tmm

termination

eots

traffic

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker’s control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "All Modules"
    ],
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "17.1.1.3",
        "status": "affected",
        "version": "17.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1.4.3",
        "status": "affected",
        "version": "16.1.2.1",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1.10.4",
        "status": "affected",
        "version": "15.1.5",
        "versionType": "custom"
      }
    ]
  }
]

References

my.f5.com/manage/s/article/K000138912

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-28889