CVE-2024-23306 - OpenCVE

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://my.f5.com/manage/s/article/K000137886

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2024-02-14T16:30:23.515Z

Updated: 2024-06-04T17:46:11.754Z

Reserved: 2024-02-01T22:13:58.485Z

Link: CVE-2024-23306

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-02-14T17:15:13.007

Modified: 2024-02-14T18:04:45.380

Link: CVE-2024-23306

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23306", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2024-02-01T22:13:58.485Z", "datePublished": "2024-02-14T16:30:23.515Z", "dateUpdated": "2024-06-04T17:46:11.754Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "BIG-IP Next SPK", "vendor": "F5", "versions": [{"lessThan": "1.5.0", "status": "affected", "version": "1.3.0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "product": "BIG-IP Next CNF", "vendor": "F5", "versions": [{"lessThan": "1.2.0", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "F5"}], "datePublic": "2024-02-14T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.</span>  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "value": "\nA vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-02-14T17:29:14.631Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000137886"}], "source": {"discovery": "INTERNAL"}, "title": "BIG-IP Next CNF & SPK vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-21T20:31:33.169264Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:11.754Z"}}]}}