Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0137
Vulnerability from certfr_avis - Published: 2024-02-15 - Updated: 2024-02-15
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX Plus | NGINX Plus versions R30 antérieures à R30 P2 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.x.x postérieures à 1.5.0 et antérieures à 1.8.1 | ||
| F5 | BIG-IP | BIG-IP versions 16.1.x antérieures à 16.1.4.2 | ||
| F5 | NGINX | NGINX Open Source 1.25.x antérieures à 1.25.4 | ||
| F5 | BIG-IP | BIG-IP versions 17.1.x antérieures à 17.1.1 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.x.x postérieures à 1.1.0 et antérieures à 1.2.0 | ||
| F5 | BIG-IP | BIG-IP versions 15.1.x antérieures à 15.1.10.3 | ||
| F5 | NGINX Plus | NGINX Plus versions R31 antérieures à R31 P1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX Plus versions R30 ant\u00e9rieures \u00e0 R30 P2",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.x.x post\u00e9rieures \u00e0 1.5.0 et ant\u00e9rieures \u00e0 1.8.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source 1.25.x ant\u00e9rieures \u00e0 1.25.4",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.x.x post\u00e9rieures \u00e0 1.1.0 et ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus versions R31 ant\u00e9rieures \u00e0 R31 P1",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-24989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24989"
},
{
"name": "CVE-2024-21849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21849"
},
{
"name": "CVE-2024-24775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24775"
},
{
"name": "CVE-2024-23979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23979"
},
{
"name": "CVE-2024-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21782"
},
{
"name": "CVE-2024-21771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21771"
},
{
"name": "CVE-2024-23805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23805"
},
{
"name": "CVE-2024-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21763"
},
{
"name": "CVE-2024-21789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21789"
},
{
"name": "CVE-2024-22093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22093"
},
{
"name": "CVE-2024-23603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23603"
},
{
"name": "CVE-2024-23982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23982"
},
{
"name": "CVE-2024-23314",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23314"
},
{
"name": "CVE-2024-22389",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22389"
},
{
"name": "CVE-2024-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23308"
},
{
"name": "CVE-2024-23607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23607"
},
{
"name": "CVE-2024-23306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23306"
},
{
"name": "CVE-2024-24990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24990"
}
],
"initial_release_date": "2024-02-15T00:00:00",
"last_revision_date": "2024-02-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0137",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 du 14 f\u00e9vrier 2024",
"url": "https://my.f5.com/manage/s/article/K000138353"
}
]
}
CVE-2024-23603 (GCVE-0-2024-23603)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2024-08-01 23:06
VLAI
EPSS
Title
BIG-IP Advanced WAF and ASM Configuration utility vulnerability
Summary
An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000138047 | vendor-advisory |
Impacted products
Date Public
2024-02-14 15:00
Credits
F5
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T18:19:57.012135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:06.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000138047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Advanced WAF",
"ASM"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.\u003c/span\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "\nAn SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:30:24.259Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000138047"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP Advanced WAF and ASM Configuration utility vulnerability ",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-23603",
"datePublished": "2024-02-14T16:30:24.259Z",
"dateReserved": "2024-02-01T22:13:58.494Z",
"dateUpdated": "2024-08-01T23:06:25.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23607 (GCVE-0-2024-23607)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2024-08-01 23:06
VLAI
EPSS
Title
F5OS QKView utility vulnerability
Summary
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000132800 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | F5OS - Appliance |
Affected:
1.3.0 , < 1.4.0
(custom)
|
|
| F5 | F5OS - Chassis |
Affected:
1.3.0 , < 1.6.0
(custom)
|
Date Public
2024-02-14 15:00
Credits
F5
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-16T12:27:07.912367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:40.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000132800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "F5OS - Appliance",
"vendor": "F5",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "F5OS - Chassis",
"vendor": "F5",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003c/span\u003e"
}
],
"value": "\nA directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:30:20.564Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000132800"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "F5OS QKView utility vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-23607",
"datePublished": "2024-02-14T16:30:20.564Z",
"dateReserved": "2024-02-01T22:13:26.345Z",
"dateUpdated": "2024-08-01T23:06:25.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23805 (GCVE-0-2024-23805)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2025-05-12 15:06
VLAI
EPSS
Title
F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability
Summary
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled.
Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-131 - Incorrect Calculation of Buffer Size
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000137334 | vendor-advisory |
Impacted products
Date Public
2024-01-15 00:00
Credits
F5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137334"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T12:57:12.670523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:06:55.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Advanced WAF",
"ASM",
"AVR"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F5"
}
],
"datePublic": "2024-01-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eUndisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under \u003cstrong\u003eCollected Entities\u003c/strong\u003e\u0026nbsp;is configured on a virtual server and the DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;or \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;or \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are enabled.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: The DB variables \u003cstrong\u003eavr.IncludeServerInURI\u003c/strong\u003e\u0026nbsp;and \u003cstrong\u003eavr.CollectOnlyHostnameFromURI\u003c/strong\u003e\u0026nbsp;are not enabled by default. For more information about the HTTP Analytics profile and the \u003cstrong\u003eCollect URLs\u003c/strong\u003e\u0026nbsp;setting, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://my.f5.com/manage/s/article/K30875743\"\u003eK30875743: Create a new Analytics profile and attach it to your virtual servers\u003c/a\u003e.\u003c/p\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "\nUndisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities\u00a0is configured on a virtual server and the DB variables avr.IncludeServerInURI\u00a0or avr.CollectOnlyHostnameFromURI\u00a0are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI\u00a0or avr.CollectOnlyHostnameFromURI\u00a0are enabled.\n\nNote: The DB variables avr.IncludeServerInURI\u00a0and avr.CollectOnlyHostnameFromURI\u00a0are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs\u00a0setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .\n\n\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131 Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T21:45:19.185Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137334"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-23805",
"datePublished": "2024-02-14T16:30:25.339Z",
"dateReserved": "2024-02-01T22:13:58.511Z",
"dateUpdated": "2025-05-12T15:06:55.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23979 (GCVE-0-2024-23979)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2024-08-01 23:13
VLAI
EPSS
Title
BIG-IP SSL Client Certificate LDAP and CRLDP Authentication profiles vulnerability
Summary
When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000134516 | vendor-advisory |
Impacted products
Date Public
2024-02-14 15:00
Credits
F5
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T19:24:41.441540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:40.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000134516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.9",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. \u003c/span\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "\nWhen SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. \n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:30:22.395Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000134516"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP SSL Client Certificate LDAP and CRLDP Authentication profiles vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-23979",
"datePublished": "2024-02-14T16:30:22.395Z",
"dateReserved": "2024-02-01T22:13:26.369Z",
"dateUpdated": "2024-08-01T23:13:08.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23982 (GCVE-0-2024-23982)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:35 – Updated: 2024-08-21 15:47
VLAI
EPSS
Title
BIG-IP PEM vulnerability
Summary
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000135946 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | BIG-IP |
Unaffected:
17.0.0 , < *
(custom)
Unaffected: 16.1.0 , < * (custom) Unaffected: 15.1.0 , < * (custom) |
|
| f5 | big-ip_pem |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
Affected: 16.1.0 , ≤ 16.1.4 (custom) Affected: 15.1.0 , ≤ 15.1.10 (custom) cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:* |
Date Public
2024-02-14 15:00
Credits
F5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000135946"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "big-ip_pem",
"vendor": "f5",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "15.1.10",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:40:50.583628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:47:02.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"PEM"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"changes": [
{
"at": "classification-update-17.0.0-20220919_0728.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20220929_1149.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20221014_1320.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20221027_0652.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20221110_0614.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20221125_0422.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20221212_0929.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20221222_0627.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20230105_0508.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20230120_1249.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20230203_1610.im",
"status": "affected"
},
{
"at": "classification-update-17.0.0-20230216_0811.im",
"status": "affected"
},
{
"at": "classification_updates_17.0.0-20230302_1513.im",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "unaffected",
"version": "17.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "classification-update-16.1.0-20220919_0728.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20220929_1149.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20221014_1320.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20221027_0652.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20221110_0614.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20221125_0422.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20221212_0929.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20221222_0627.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20230105_0508.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20230120_1249.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20230203_1610.im",
"status": "affected"
},
{
"at": "classification-update-16.1.0-20230216_0811.im",
"status": "affected"
},
{
"at": "classification_updates_16.1.0-20230302_1513.im",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "unaffected",
"version": "16.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "classification-update-15.1.0-20220919_0728.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20220929_1149.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20221014_1320.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20221027_0652.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20221110_0614.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20221125_0422.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20221212_0929.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20221222_0627.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20230105_0508.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20230120_1249.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20230203_1610.im",
"status": "affected"
},
{
"at": "classification-update-15.1.0-20230216_0811.im",
"status": "affected"
},
{
"at": "classification_updates_15.1.0-20230302_1513.im",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "unaffected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.\u0026nbsp;\u003c/span\u003e\u0026nbsp;NOTE:\u0026nbsp;\u003c/span\u003eSoftware versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "\n\n\nWhen a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.\u00a0\u00a0NOTE:\u00a0Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:35:08.991Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000135946"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP PEM vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-23982",
"datePublished": "2024-02-14T16:35:08.991Z",
"dateReserved": "2024-02-01T22:13:58.474Z",
"dateUpdated": "2024-08-21T15:47:02.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24775 (GCVE-0-2024-24775)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2024-08-16 18:09
VLAI
EPSS
Title
BIG-IP TMM vulnerability
Summary
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000137333 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | BIG-IP |
Affected:
17.1.0 , < 17.1.1
(custom)
Affected: 16.1.0 , < 16.1.4 (custom) Affected: 15.1.0 , < 15.1.10 (custom) |
|
| f5 | big-ip |
Affected:
17.1.0 , < 17.1.1
(custom)
Affected: 16.1.0 , < 16.1.4 (custom) Affected: 15.1.0 , < 15.1.10 (custom) cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:* |
Date Public
2024-02-14 15:00
Credits
F5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137333"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "big-ip",
"vendor": "f5",
"versions": [
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T18:07:08.771659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T18:09:20.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "15.1.10",
"status": "affected",
"version": "15.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:30:23.876Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137333"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP TMM vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-24775",
"datePublished": "2024-02-14T16:30:23.876Z",
"dateReserved": "2024-02-01T22:13:58.490Z",
"dateUpdated": "2024-08-16T18:09:20.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24989 (GCVE-0-2024-24989)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2025-05-12 15:07
VLAI
EPSS
Title
NGINX HTTP/3 QUIC vulnerability
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000138444 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/05/30/4 |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | NGINX Plus |
Affected:
R31 , < R31 P1
(custom)
|
|
| F5 | NGINX Open Source |
Affected:
1.25.3 , < 1.25.4
(semver)
|
Date Public
2024-02-14 15:00
Credits
F5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000138444"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:02.371925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:07:40.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"HTTP/3",
"QUIC"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"lessThan": "R31 P1",
"status": "affected",
"version": "R31",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"HTTP/3",
"QUIC"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "1.25.4",
"status": "affected",
"version": "1.25.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nginx.org/en/docs/quic.html\"\u003eSupport for QUIC and HTTP/3\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003e\n\nNOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.\n\nNote: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .\n\n\n\nNOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:14:48.743Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000138444"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NGINX HTTP/3 QUIC vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-24989",
"datePublished": "2024-02-14T16:30:26.081Z",
"dateReserved": "2024-02-02T00:32:55.375Z",
"dateUpdated": "2025-05-12T15:07:40.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24990 (GCVE-0-2024-24990)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2025-05-08 15:19
VLAI
EPSS
Title
NGINX HTTP/3 QUIC vulnerability
Summary
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000138445 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/05/30/4 |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | NGINX Plus |
Affected:
R31 , < R31 P1
(custom)
Affected: R30 , < R30 P2 (custom) |
|
| F5 | NGINX Open Source |
Affected:
1.25.0 , < 1.25.4
(semver)
|
Date Public
2024-02-14 15:00
Credits
F5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000138445"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:18:51.597565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T15:19:34.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"HTTP/3",
"QUIC"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"lessThan": "R31 P1",
"status": "affected",
"version": "R31",
"versionType": "custom"
},
{
"lessThan": "R30 P2",
"status": "affected",
"version": "R30",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"HTTP/3",
"QUIC"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "1.25.4",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWhen NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nginx.org/en/docs/quic.html\"\u003eSupport for QUIC and HTTP/3\u003c/a\u003e.\u003c/p\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.\n\nNote: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .\n\n\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:14:53.733Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000138445"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/30/4"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NGINX HTTP/3 QUIC vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-24990",
"datePublished": "2024-02-14T16:30:26.445Z",
"dateReserved": "2024-02-02T00:32:55.375Z",
"dateUpdated": "2025-05-08T15:19:34.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…