Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K000138894
HistoryMay 08, 2024 - 12:00 a.m.

K000138894 : BIG-IP Configuration utility XSS vulnerability CVE-2024-33604

2024-05-0800:00:00
my.f5.com
15
big-ip
xss
vulnerability
javascript
web browser
bash
control plane

AI Score

5.6

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Security Advisory Description

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2024-33604)

Impact

An attacker may exploit this vulnerability by causing an authenticated user to send a crafted URL that is then reflected back and run by the user’s web browser. If successful, an attacker can run JavaScript in the context of the currently logged-in user. In the case of an administrative user with access to the Advanced Shell (bash), an attacker can leverage successful exploitation of this vulnerability to compromise the BIG-IP system. This is a control plane issue; there is no data plane exposure.

Related

nvd 1
cvelist 1
nessus 1
cve 1
f5 1
nvd
nvd
CVE-2024-33604
2024-05-08 15:15:10
cvelist
cvelist
CVE-2024-33604 BIG-IP Configuration utility XSS vulnerability
2024-05-08 15:01:27
nessus
nessus
F5 Networks BIG-IP : BIG-IP Configuration utility XSS vulnerability (K000138894)
2024-05-15 00:00:00
cve
cve
CVE-2024-33604
2024-05-08 15:15:10
f5
f5
K000139404 : Quarterly Security Notification (May 2024)
2024-05-08 00:00:00

AI Score

5.6

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for F5:K000138894
nvd1cvelist1nessus1cve1f51