Lucene search

F5CVELIST:CVE-2024-39809

HistoryAug 14, 2024 - 2:32 p.m.

CVE-2024-39809 BIG-IP Next Central Manager vulnerability

2024-08-1414:32:32

CWE-613

www.cve.org

central manager

user session refresh

token vulnerability

software versions

eots

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

EPSS

0.001

Percentile

39.6%

JSON

The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "BIG-IP Next Central Manager",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "20.2.0",
        "status": "affected",
        "version": "20.1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

my.f5.com/manage/s/article/K000140111

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS4

8.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

EPSS

0.001

Percentile

39.6%

JSON

Related for CVELIST:CVE-2024-39809