CVE-2024-28883

CWE-3464 documents4 sources

Severity

7.4HIGH

EPSS

0.1%

top 79.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip F5 Big-ip Edge Client F5 Big-ip Access Policy Manager +1 more

Timeline

PublishedMay 8

Description

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages4 packages

▶NVDf5/big-ip_access_policy_manager_client7.2.3 — 7.2.4.4

▶CVEListV5f5/big-ip_edge_client7.2.3 — 7.2.4.4

▶NVDf5/big-ip_access_policy_manager15.1.0 — 15.1.10.3+2

▶CVEListV5f5/big-ip17.1.0 — 17.1.1+2

🔴Vulnerability Details

GHSA

GHSA-w6q8-c6q3-jvxr: An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker↗2024-05-08

▶

CVEList

BIG-IP APM browser network access VPN client vulnerability↗2024-05-08

▶

📋Vendor Advisories

CVE-2024-28883: An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS a...↗2024-05-08

▶