Lucene search

F5CVE-2024-39809

HistoryAug 14, 2024 - 3:15 p.m.

CVE-2024-39809

2024-08-1415:15:26

CWE-613

web.nvd.nist.gov

central manager

user session

refresh token

expire

user logs out

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

EPSS

0.001

Percentile

39.6%

JSON

The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected configurations

Nvd

Node

f5big-ip_next_central_managerMatch20.1.0

VendorProductVersionCPE
f5big-ip_next_central_manager20.1.0cpe:2.3:a:f5:big-ip_next_central_manager:20.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_next_central_manager	20.1.0	cpe:2.3:a:f5:big-ip_next_central_manager:20.1.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "BIG-IP Next Central Manager",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "20.2.0",
        "status": "affected",
        "version": "20.1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

my.f5.com/manage/s/article/K000140111

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

EPSS

0.001

Percentile

39.6%

JSON

Related for CVE-2024-39809