Lucene search
F5CVE-2024-24966HistoryFeb 14, 2024 - 5:15 p.m.
CVE-2024-24966
2024-02-1417:15:15
CWE-863
f5
web.nvd.nist.gov
21
cve
2024
24966
f5os
ldap
remote authentication
vulnerability
CVSS3
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
9.0%
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "F5OS - Appliance",
"vendor": "F5",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "F5OS - Chassis",
"vendor": "F5",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Authentication flaw
2024-02-14 17:15:00
vulnrichment
vulnrichment
CVE-2024-24966 F5OS vulnerability
2024-02-14 16:30:22
nvd
nvd
CVE-2024-24966
2024-02-14 17:15:15
cvelist
cvelist
CVE-2024-24966 F5OS vulnerability
2024-02-14 16:30:22
f5
f5
K000133111 : F5OS vulnerability CVE-2024-24966
2024-02-14 00:00:00
K000138353 : Quarterly Security Notification (February 2024)
2024-02-14 00:00:00
CVSS3
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-24966