CVE-2024-37028

CWE-645 CWE-287 — Improper Authentication4 documents4 sources

Severity

6.3MEDIUM

EPSS

0.3%

top 51.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Next Central Manager

Timeline

PublishedAug 14

Description

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5f5/big-ip_next_central_manager20.1.0 — 20.2.1

▶NVDf5/big-ip_next_central_manager20.1.0 — 20.2.1

🔴Vulnerability Details

CVEList

BIG-IP Next Central Manager vulnerability↗2024-08-14

▶

GHSA

GHSA-9pmg-927m-mm79: BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in↗2024-08-14

▶

📋Vendor Advisories

CVE-2024-37028: BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in↗2024-08-14

▶