Lucene search
F5F5:K000138744HistoryMay 08, 2024 - 12:00 a.m.
K000138744 : BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883
2024-05-0800:00:00
my.f5.com
23
big-ip
apm
vpn
vulnerability
cve-2024-28883
bypass
f5
endpoint inspection.
Security Advisory Description
An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. (CVE-2024-28883)
Impact
A remote unauthenticated attacker with a man-in-the-middle (MITM) position may exploit this vulnerability and establish a network access (VPN) connection with a BIG-IP APM system. This vulnerability specifically affects the BIG-IP APM browser network access VPN client when the BIG-IP APM access policy is configured with an endpoint inspection item in the Visual Policy Editor (VPE), Endpoint Security (client or server). BIG-IP Edge Client/F5 Access/CLI and other clients are not affected.
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big\-ip_apm | 15.1.0 | cpe:2.3:a:f5:big\-ip_apm:15.1.0:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.1 | cpe:2.3:a:f5:big\-ip_apm:15.1.1:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.10 | cpe:2.3:a:f5:big\-ip_apm:15.1.10:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.2 | cpe:2.3:a:f5:big\-ip_apm:15.1.2:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.3 | cpe:2.3:a:f5:big\-ip_apm:15.1.3:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.4 | cpe:2.3:a:f5:big\-ip_apm:15.1.4:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.5 | cpe:2.3:a:f5:big\-ip_apm:15.1.5:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.6 | cpe:2.3:a:f5:big\-ip_apm:15.1.6:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.7 | cpe:2.3:a:f5:big\-ip_apm:15.1.7:*:*:*:*:*:*:* |
| f5 | big\-ip_apm | 15.1.8 | cpe:2.3:a:f5:big\-ip_apm:15.1.8:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-28883 BIG-IP APM browser network access VPN client vulnerability
2024-05-08 15:01:24
vulnrichment
vulnrichment
CVE-2024-28883 BIG-IP APM browser network access VPN client vulnerability
2024-05-08 15:01:24
nessus
nessus
cve
cve
CVE-2024-28883
2024-05-08 15:15:09
nvd
nvd
CVE-2024-28883
2024-05-08 15:15:09
f5
f5
K000139404 : Quarterly Security Notification (May 2024)
2024-05-08 00:00:00