Lucene search

K
cvelistF5CVELIST:CVE-2024-28883
HistoryMay 08, 2024 - 3:01 p.m.

CVE-2024-28883 BIG-IP APM browser network access VPN client vulnerability

2024-05-0815:01:24
CWE-346
f5
www.cve.org
cve-2024-28883
origin validation
big-ip apm
vpn client
windows
macos
linux
f5
endpoint inspection
eots

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

An origin validation vulnerability exists in

BIG-IP APM browser network access VPN client

for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows",
      "Linux",
      "MacOS"
    ],
    "product": "BIG-IP Edge Client",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "7.2.4.4",
        "status": "affected",
        "version": "7.2.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "modules": [
      "APM"
    ],
    "product": "BIG-IP",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "17.1.1",
        "status": "affected",
        "version": "17.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1.4.2",
        "status": "affected",
        "version": "16.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1.10.3",
        "status": "affected",
        "version": "15.1.0",
        "versionType": "custom"
      }
    ]
  }
]

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-28883