Lucene search
F5CVELIST:CVE-2024-24966HistoryFeb 14, 2024 - 4:30 p.m.
CVE-2024-24966 F5OS vulnerability
2024-02-1416:30:22
CWE-863
f5
www.cve.org
cve-2024-24966
f5os
ldap
authentication
vulnerability
remote user
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "F5OS - Appliance",
"vendor": "F5",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "1.2.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "F5OS - Chassis",
"vendor": "F5",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Authentication flaw
2024-02-14 17:15:00
cve
cve
CVE-2024-24966
2024-02-14 17:15:15
nvd
nvd
CVE-2024-24966
2024-02-14 17:15:15
f5
f5
K000133111 : F5OS vulnerability CVE-2024-24966
2024-02-14 00:00:00
K000138353 : Quarterly Security Notification (February 2024)
2024-02-14 00:00:00
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-24966