Lucene search

F5CVELIST:CVE-2024-28132

HistoryMay 08, 2024 - 3:01 p.m.

CVE-2024-28132 BIG-IP NEXT CNF vulnerability

2024-05-0815:01:27

CWE-922

www.cve.org

cve-2024-28132

gslb container

authenticated attacker

local access

sensitive information

end of technical support

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "BIG-IP Next CNF",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "1.3.0",
        "status": "affected",
        "version": "1.2.0",
        "versionType": "custom"
      }
    ]
  }
]

References

my.f5.com/manage/s/article/K000138913

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-28132