CVE-2024-24966

CWE-863Incorrect Authorization4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.3%
top 50.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
F5 F5os - ApplianceF5 F5os - ChassisF5 F5os-c+1 more
Timeline
PublishedFeb 14

Description

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages4 packages

NVDf5/f5os-c1.3.01.6.0
CVEListV5f5/f5os_-_chassis1.3.01.6.0
CVEListV5f5/f5os_-_appliance1.2.01.3.0
NVDf5/f5os-a1.2.0

🔴Vulnerability Details

2
CVEList
F5OS vulnerability2024-02-14
GHSA
GHSA-fgh6-x5w4-82cg: When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized2024-02-14

📋Vendor Advisories

1
F5
CVE-2024-24966: When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly aut...2024-02-14
CVE-2024-24966 (MEDIUM CVSS 5.5) | When LDAP remote authentication is | cvebase.io