CVE-2024-23976

CWE-266 | 4 documents | 4 sources
Severity
6.0 MEDIUM
EPSS
0.0%
top 96.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 14

Description

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Exploitability: 0.8 | Impact: 5.2

Affected Packages (13 packages)

NVD | f5/big-ip_domain_name_system | 15.1.0 | 15.1.9 | +2
CVEListV5 | f5/big-ip | 17.1.0 | 17.1.1 | +2
NVD | f5/big-ip_analytics | 15.1.0 | 15.1.9 | +2
NVD | f5/big-ip_link_controller | 15.1.0 | 15.1.9 | +2
NVD | f5/big-ip_access_policy_manager | 15.1.0 | 15.1.9 | +2

🔴 Vulnerability Details (2)

CVEList
BIG-IP Appliance mode iAppsLX vulnerability | 2024-02-14
GHSA
GHSA-gx7x-8xvv-gh38: When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing | 2024-02-14

📋 Vendor Advisories (1)

F5
CVE-2024-23976: When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appli... | 2024-02-14