CVE-2023-24461

Severity
5.9 MEDIUM
EPSS
0.2%
top 58.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 3
Latest update: Jul 6

Description

An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages (2 packages)

CVEListV5 | f5/big-ip_edge_client | 7.2.2 | 7.2.4.1
NVD | f5/big-ip_access_policy_manager | 7.2.2 | 7.2.4.1 | +5

🔴Vulnerability Details

2
GHSA
GHSA-97vp-r5m3-j8hv: An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG | 2023-07-06
CVEList
BIG-IP Edge Client for Windows and macOS vulnerability | 2023-05-03

📋Vendor Advisories

1
F5
CVE-2023-24461: An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow... | 2023-05-03
CVE-2023-24461 (MEDIUM CVSS 5.9) | An improper certificate validation | cvebase.io