CVE-2014-4024 — Sensitive Information Exposure in F5 Big-ip Access Policy Manager

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.7%

top 26.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +10 more

Timeline

PublishedMar 19

Latest updateMay 14

Description

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages13 packages

▶NVDf5/big-ip_webaccelerator10.0.0 — 10.2.4+1

▶NVDf5/big-ip_analytics11.0.0 — 11.5.1

▶NVDf5/big-ip_edge_gateway10.1.0 — 10.2.4+1

▶NVDf5/big-ip_link_controller10.0.0 — 10.2.4+1

▶NVDf5/big-ip_access_policy_manager10.1.0 — 10.2.4+1

🔴Vulnerability Details

GHSA

GHSA-hm3w-fr55-jqrr: SSL virtual servers in F5 BIG-IP systems 10↗2022-05-14

▶

CVEList

CVE-2014-4024: SSL virtual servers in F5 BIG-IP systems 10↗2018-03-19

▶

OSV

imlib2 vulnerabilities↗2016-09-09

▶