CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
15.5%
Security Advisory Description
On May 29, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles.
You can watch the May 2024 Out-of-band Security Notification (OoBSN) briefing by DevCentral in the following video:
Medium CVEs
Article (CVE) | CVSS score | Affected products | Affected versions1 | Fixes introduced in |
---|---|---|---|---|
K000139609: NGINX HTTP/3 QUIC vulnerability CVE-2024-32760 | 6.5 | NGINX Plus | R30 - R31 | R32 |
R31 P2 | ||||
NGINX Open Source | 1.25.0 - 1.26.0 | 1.27.0 | ||
1.26.1 | ||||
K000139627: NGINX HTTP/3 QUIC vulnerability CVE-2024-34161 | 5.3 | NGINX Plus | R30 - R31 | R32 |
R31 P2 | ||||
NGINX Open Source | 1.25.0 - 1.26.0 | 1.27.0 | ||
1.26.1 | ||||
K000139612: NGINX HTTP/3 QUIC vulnerability CVE-2024-35200 | 5.3 | NGINX Plus | R30 - R31 | R32 |
R31 P2 | ||||
NGINX Open Source | 1.25.0 - 1.26.0 | 1.27.0 | ||
1.26.1 | ||||
K000139611: NGINX HTTP/3 QUIC vulnerability CVE-2024-31079 | 4.8 | NGINX Plus | R30 - R31 | R32 |
R31 P2 | ||||
NGINX Open Source | 1.25.0 - 1.26.0 | 1.27.0 | ||
1.26.1 |
1F5 evaluates only software versions that have not yet reached the End of Technical Support (EoTS) phase of their lifecycle.
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_next | 20.0.1 | cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:* |
f5 | big-ip_next | 20.0.2 | cpe:2.3:a:f5:big-ip_next:20.0.2:*:*:*:*:*:*:* |
f5 | big-ip_next | 20.1.0 | cpe:2.3:a:f5:big-ip_next:20.1.0:*:*:*:*:*:*:* |
f5 | big-ip_next | 20.1.1 | cpe:2.3:a:f5:big-ip_next:20.1.1:*:*:*:*:*:*:* |
f5 | big-ip_next | 20.2.0 | cpe:2.3:a:f5:big-ip_next:20.2.0:*:*:*:*:*:*:* |
f5 | big-ip_next | 1.1.0 | cpe:2.3:a:f5:big-ip_next:1.1.0:*:*:*:*:*:*:* |
f5 | big-ip_next | 1.1.1 | cpe:2.3:a:f5:big-ip_next:1.1.1:*:*:*:*:*:*:* |
f5 | big-ip_next | 1.2.0 | cpe:2.3:a:f5:big-ip_next:1.2.0:*:*:*:*:*:*:* |
f5 | big-ip_next | 1.2.1 | cpe:2.3:a:f5:big-ip_next:1.2.1:*:*:*:*:*:*:* |
f5 | big-ip_next | 1.3.0 | cpe:2.3:a:f5:big-ip_next:1.3.0:*:*:*:*:*:*:* |