CVE-2024-23314 - Vulnerability Details

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Domain Name System Big-ip Fraud Protection Service Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Next Service Proxy For Kubernetes Big-ip Policy Enforcement Manager Big-iq Centralized Management

Link	Providers
https://my.f5.com/manage/s/article/K000137675

Type	Values Removed	Values Added
First Time appeared		F5 F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Domain Name System F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Next Service Proxy For Kubernetes F5 big-ip Policy Enforcement Manager F5 big-iq Centralized Management
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_analytics:::::::: cpe:2.3:a:f5:big-ip_analytics:17.1.0:::::::* cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:::::::* cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:::::::* cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-ip_link_controller:17.1.0:::::::* cpe:2.3:a:f5:big-ip_local_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:::::::* cpe:2.3:a:f5:big-iq_centralized_management::::::::
Vendors & Products		F5 F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Domain Name System F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Next Service Proxy For Kubernetes F5 big-ip Policy Enforcement Manager F5 big-iq Centralized Management

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23314", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2024-02-01T22:13:26.379Z", "datePublished": "2024-02-14T16:30:23.152Z", "dateUpdated": "2024-08-27T15:25:06.327Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["All Modules"], "product": "BIG-IP", "vendor": "F5", "versions": [{"lessThan": "17.1.1", "status": "affected", "version": "17.1.0", "versionType": "custom"}, {"lessThan": "16.1.4", "status": "affected", "version": "16.1.0", "versionType": "custom"}, {"lessThan": "15.1.9", "status": "affected", "version": "15.1.0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "product": "BIG-IP Next SPK", "vendor": "F5", "versions": [{"lessThan": "1.8.1", "status": "affected", "version": "1.5.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "datePublic": "2024-02-14T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.&nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "value": "When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-02-14T16:30:23.152Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000137675"}], "source": {"discovery": "INTERNAL"}, "title": "BIG-IP HTTP/2 vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"affected": [{"vendor": "f5", "product": "big-ip_next_service_proxy_for_kubernetes", "cpes": ["cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:1.5.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.5.0", "status": "affected", "lessThan": "1.8.1", "versionType": "custom"}]}, {"vendor": "f5", "product": "big-ip", "cpes": ["cpe:2.3:a:f5:big-ip:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip:17.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.1.0", "status": "affected", "lessThan": "15.1.9", "versionType": "custom"}, {"version": "16.1.0", "status": "affected", "lessThan": "16.1.4", "versionType": "custom"}, {"version": "17.1.0", "status": "affected", "lessThan": "17.1.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T15:16:31.976846Z", "id": "CVE-2024-23314", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T15:25:06.327Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.204Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.f5.com/manage/s/article/K000137675"}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-23314 (string)

assignerOrgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

state : PUBLISHED (string)

assignerShortName : f5 (string)

dateReserved : 2024-02-01T22:13:26.379Z (string)

datePublished : 2024-02-14T16:30:23.152Z (string)

dateUpdated : 2024-08-27T15:25:06.327Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unknown (string)

modules : [ »

0 : All Modules (string)

]

product : BIG-IP (string)

vendor : F5 (string)

versions : [ »

0 : { »

lessThan : 17.1.1 (string)

status : affected (string)

version : 17.1.0 (string)

versionType : custom (string)

}

1 : { »

lessThan : 16.1.4 (string)

status : affected (string)

version : 16.1.0 (string)

versionType : custom (string)

}

2 : { »

lessThan : 15.1.9 (string)

status : affected (string)

version : 15.1.0 (string)

versionType : custom (string)

}

]

}

1 : { »

defaultStatus : unknown (string)

product : BIG-IP Next SPK (string)

vendor : F5 (string)

versions : [ »

0 : { »

lessThan : 1.8.1 (string)

status : affected (string)

version : 1.5.0 (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : F5 (string)

}

]

datePublic : 2024-02-14T15:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

}

]

value : When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-908 (string)

description : CWE-908 Use of Uninitialized Resource (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

shortName : f5 (string)

dateUpdated : 2024-02-14T16:30:23.152Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://my.f5.com/manage/s/article/K000137675 (string)

}

]

source : { »

discovery : INTERNAL (string)

}

title : BIG-IP HTTP/2 vulnerability (string)

x_generator : { »

engine : F5 SIRTBot v1.0 (string)

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : f5 (string)

product : big-ip_next_service_proxy_for_kubernetes (string)

cpes : [ »

0 : cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:1.5.0:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 1.5.0 (string)

status : affected (string)

lessThan : 1.8.1 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : f5 (string)

product : big-ip (string)

cpes : [ »

0 : cpe:2.3:a:f5:big-ip:15.1.0:*:*:*:*:*:*:* (string)

1 : cpe:2.3:a:f5:big-ip:16.1.0:*:*:*:*:*:*:* (string)

2 : cpe:2.3:a:f5:big-ip:17.1.0:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 15.1.0 (string)

status : affected (string)

lessThan : 15.1.9 (string)

versionType : custom (string)

}

1 : { »

version : 16.1.0 (string)

status : affected (string)

lessThan : 16.1.4 (string)

versionType : custom (string)

}

2 : { »

version : 17.1.0 (string)

status : affected (string)

lessThan : 17.1.1 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-08-27T15:16:31.976846Z (string)

id : CVE-2024-23314 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-27T15:25:06.327Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T22:59:32.204Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://my.f5.com/manage/s/article/K000137675 (string)

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://my.f5.com/manage/s/article/K000137675", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:59:32.204Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23314", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-27T15:16:31.976846Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:1.5.0:*:*:*:*:*:*:*"], "vendor": "f5", "product": "big-ip_next_service_proxy_for_kubernetes", "versions": [{"status": "affected", "version": "1.5.0", "lessThan": "1.8.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:f5:big-ip:15.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip:16.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip:17.1.0:*:*:*:*:*:*:*"], "vendor": "f5", "product": "big-ip", "versions": [{"status": "affected", "version": "15.1.0", "lessThan": "15.1.9", "versionType": "custom"}, {"status": "affected", "version": "16.1.0", "lessThan": "16.1.4", "versionType": "custom"}, {"status": "affected", "version": "17.1.0", "lessThan": "17.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:10.438Z"}}], "cna": {"title": "BIG-IP HTTP/2 vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "modules": ["All Modules"], "product": "BIG-IP", "versions": [{"status": "affected", "version": "17.1.0", "lessThan": "17.1.1", "versionType": "custom"}, {"status": "affected", "version": "16.1.0", "lessThan": "16.1.4", "versionType": "custom"}, {"status": "affected", "version": "15.1.0", "lessThan": "15.1.9", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "F5", "product": "BIG-IP Next SPK", "versions": [{"status": "affected", "version": "1.5.0", "lessThan": "1.8.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "datePublic": "2024-02-14T15:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K000137675", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "F5 SIRTBot v1.0"}, "descriptions": [{"lang": "en", "value": "When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "supportingMedia": [{"type": "text/html", "value": "When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.&nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-02-14T16:30:23.152Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23314", "state": "PUBLISHED", "dateUpdated": "2024-08-27T15:25:06.327Z", "dateReserved": "2024-02-01T22:13:26.379Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2024-02-14T16:30:23.152Z", "assignerShortName": "f5"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://my.f5.com/manage/s/article/K000137675 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-01T22:59:32.204Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-23314 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-08-27T15:16:31.976846Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:1.5.0:*:*:*:*:*:*:* (string)

]

vendor : f5 (string)

product : big-ip_next_service_proxy_for_kubernetes (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.5.0 (string)

lessThan : 1.8.1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:a:f5:big-ip:15.1.0:*:*:*:*:*:*:* (string)

1 : cpe:2.3:a:f5:big-ip:16.1.0:*:*:*:*:*:*:* (string)

2 : cpe:2.3:a:f5:big-ip:17.1.0:*:*:*:*:*:*:* (string)

]

vendor : f5 (string)

product : big-ip (string)

versions : [ »

0 : { »

status : affected (string)

version : 15.1.0 (string)

lessThan : 15.1.9 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : 16.1.0 (string)

lessThan : 16.1.4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : 17.1.0 (string)

lessThan : 17.1.1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-23T19:01:10.438Z (string)

}

]

cna : { »

title : BIG-IP HTTP/2 vulnerability (string)

source : { »

discovery : INTERNAL (string)

}

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : F5 (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 7.5 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : F5 (string)

modules : [ »

0 : All Modules (string)

]

product : BIG-IP (string)

versions : [ »

0 : { »

status : affected (string)

version : 17.1.0 (string)

lessThan : 17.1.1 (string)

versionType : custom (string)

}

1 : { »

status : affected (string)

version : 16.1.0 (string)

lessThan : 16.1.4 (string)

versionType : custom (string)

}

2 : { »

status : affected (string)

version : 15.1.0 (string)

lessThan : 15.1.9 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

vendor : F5 (string)

product : BIG-IP Next SPK (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.5.0 (string)

lessThan : 1.8.1 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

datePublic : 2024-02-14T15:00:00.000Z (string)

references : [ »

0 : { »

url : https://my.f5.com/manage/s/article/K000137675 (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

x_generator : { »

engine : F5 SIRTBot v1.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-908 (string)

description : CWE-908 Use of Uninitialized Resource (string)

}

]

}

]

providerMetadata : { »

orgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

shortName : f5 (string)

dateUpdated : 2024-02-14T16:30:23.152Z (string)

}

cveMetadata : { »

cveId : CVE-2024-23314 (string)

state : PUBLISHED (string)

dateUpdated : 2024-08-27T15:25:06.327Z (string)

dateReserved : 2024-02-01T22:13:26.379Z (string)

assignerOrgId : 9dacffd4-cb11-413f-8451-fbbfd4ddc0ab (string)

datePublished : 2024-02-14T16:30:23.152Z (string)

assignerShortName : f5 (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B4F2DBC-4DA1-42D8-9BD9-2EAADA27CCDE", "versionEndIncluding": "8.3.0", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D", "versionEndExcluding": "15.1.9", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "58401E1A-1240-45F0-A84A-E4F84E37F215", "versionEndExcluding": "1.8.1", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}, {"lang": "es", "value": "Cuando HTTP/2 est\u00e1 configurado en sistemas BIG-IP o BIG-IP Next SPK, las respuestas no reveladas pueden provocar la finalizaci\u00f3n del Microkernel de gesti\u00f3n de tr\u00e1fico (TMM). Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan"}], "id": "CVE-2024-23314", "lastModified": "2025-01-23T19:52:38.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "f5sirt@f5.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-14T17:15:13.387", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000137675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000137675"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "f5sirt@f5.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F11226F6-9080-4126-ACBD-7211A2746214 (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A8F16422-A642-4614-96F2-E5B4877E8206 (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1B4F2DBC-4DA1-42D8-9BD9-2EAADA27CCDE (string)

versionEndIncluding : 8.3.0 (string)

versionStartIncluding : 8.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6DD4CF11-44E9-4596-9397-AF7DBD81277B (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DE979976-11C7-4AFF-8BE4-A094CC9C39CF (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 16795277-E8E2-4713-BD65-207655546649 (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0835E39B-F21E-4231-A4B9-5D511FF1B87A (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 59203EBF-C52A-45A1-B8DF-00E17E3EFB51 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F005EFFD-3A40-4762-B0D6-8760C406130F (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8705476E-A246-4B57-A0E1-FD626C1B0DE5 (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 5C698C1C-A3DD-46E2-B05A-12F2604E7F85 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D82BCD8-136A-476C-AC86-710CA8B32EB7 (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 377DE308-CF91-488A-B296-30A3B09451D3 (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 87670A74-34FE-45DF-A725-25B804C845B3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C0FE692A-CD63-4354-B599-2F47EEEFDD37 (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B2F02EC0-E6C2-4E00-9804-043982D88BCE (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 84D00768-E71B-4FF7-A7BF-F2C8CFBC900D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E4958167-AB1F-4458-A06B-1B2DA313EEBD (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D982C3E6-43DE-4AA8-889F-044E70C7FCB2 (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : ABBD10E8-6054-408F-9687-B9BF6375CA09 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4 (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7DB6C626-BA78-4C06-8582-BFFCDF957429 (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 83794B04-87E2-4CA9-81F5-BB820D0F5395 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DCFAFFAC-000C-414D-83CF-B8B2C529D9CF (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E68BFC75-6977-4644-A169-48263B896849 (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A6E7035-3299-474F-8F67-945EA9A059D0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 672067B7-C838-4F0B-B3D0-E85F71715B0A (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A4C17D18-1172-4396-9099-F1F5EAEACE5A (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

11 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1871634A-7609-4D01-8469-3D86F36DC19D (string)

versionEndExcluding : 15.1.9 (string)

versionStartIncluding : 15.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 603324D6-FE7A-4209-B92B-94EF09AB5FF2 (string)

versionEndExcluding : 16.1.4 (string)

versionStartIncluding : 16.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 667EB77B-DA13-4BA4-9371-EE3F3A109F38 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

12 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 58401E1A-1240-45F0-A84A-E4F84E37F215 (string)

versionEndExcluding : 1.8.1 (string)

versionStartIncluding : 1.5.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (string)

}

1 : { »

lang : es (string)

value : Cuando HTTP/2 está configurado en sistemas BIG-IP o BIG-IP Next SPK, las respuestas no reveladas pueden provocar la finalización del Microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan (string)

}

]

id : CVE-2024-23314 (string)

lastModified : 2025-01-23T19:52:38.097 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : f5sirt@f5.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-02-14T17:15:13.387 (string)

references : [ »

0 : { »

source : f5sirt@f5.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://my.f5.com/manage/s/article/K000137675 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://my.f5.com/manage/s/article/K000137675 (string)

}

]

sourceIdentifier : f5sirt@f5.com (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-908 (string)

}

]

source : f5sirt@f5.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object