Lucene search

K
f5F5F5:K000138744
HistoryMay 08, 2024 - 12:00 a.m.

K000138744 : BIG-IP APM browser network access VPN client vulnerability CVE-2024-28883

2024-05-0800:00:00
my.f5.com
20
big-ip
apm
vpn
vulnerability
cve-2024-28883
bypass
f5
endpoint inspection.

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Security Advisory Description

An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client, which may allow an attacker to bypass F5 endpoint inspection. (CVE-2024-28883)

Impact

A remote unauthenticated attacker with a man-in-the-middle (MITM) position may exploit this vulnerability and establish a network access (VPN) connection with a BIG-IP APM system. This vulnerability specifically affects the BIG-IP APM browser network access VPN client when the BIG-IP APM access policy is configured with an endpoint inspection item in the Visual Policy Editor (VPE), Endpoint Security (client or server). BIG-IP Edge Client/F5 Access/CLI and other clients are not affected.

VendorProductVersionCPE
f5big\-ip_apm15.1.0cpe:2.3:a:f5:big\-ip_apm:15.1.0:*:*:*:*:*:*:*
f5big\-ip_apm15.1.1cpe:2.3:a:f5:big\-ip_apm:15.1.1:*:*:*:*:*:*:*
f5big\-ip_apm15.1.10cpe:2.3:a:f5:big\-ip_apm:15.1.10:*:*:*:*:*:*:*
f5big\-ip_apm15.1.2cpe:2.3:a:f5:big\-ip_apm:15.1.2:*:*:*:*:*:*:*
f5big\-ip_apm15.1.3cpe:2.3:a:f5:big\-ip_apm:15.1.3:*:*:*:*:*:*:*
f5big\-ip_apm15.1.4cpe:2.3:a:f5:big\-ip_apm:15.1.4:*:*:*:*:*:*:*
f5big\-ip_apm15.1.5cpe:2.3:a:f5:big\-ip_apm:15.1.5:*:*:*:*:*:*:*
f5big\-ip_apm15.1.6cpe:2.3:a:f5:big\-ip_apm:15.1.6:*:*:*:*:*:*:*
f5big\-ip_apm15.1.7cpe:2.3:a:f5:big\-ip_apm:15.1.7:*:*:*:*:*:*:*
f5big\-ip_apm15.1.8cpe:2.3:a:f5:big\-ip_apm:15.1.8:*:*:*:*:*:*:*
Rows per page:
1-10 of 4221

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%