CVE-2024-32049 - OpenCVE

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://my.f5.com/manage/s/article/K000138634

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2024-05-08T15:01:26.346Z

Updated: 2024-06-04T17:51:30.134Z

Reserved: 2024-04-24T21:34:20.662Z

Link: CVE-2024-32049

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-08T15:15:09.987

Modified: 2024-05-08T17:05:24.083

Link: CVE-2024-32049

JSON object: View

Redhat Information

No data.

CWE

CWE-300

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32049", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2024-04-24T21:34:20.662Z", "datePublished": "2024-05-08T15:01:26.346Z", "dateUpdated": "2024-06-04T17:51:30.134Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "BIG-IP Next Central Manager", "vendor": "F5", "versions": [{"lessThan": "20.1.0", "status": "affected", "version": "20.0.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "datePublic": "2024-05-08T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.</span><span style=\"background-color: rgb(255, 255, 255);\"> \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.</span><br>"}], "value": "BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-300", "description": "CWE-300 Channel Accessible by Non-Endpoint", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-05-08T15:01:26.346Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000138634"}], "source": {"discovery": "INTERNAL"}, "title": "BIG-IP Next Central Manager vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-08T17:35:53.206430Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:f5:big-ip_next_central_manager:20.0.1:*:*:*:*:*:*:*"], "vendor": "f5", "product": "big-ip_next_central_manager", "versions": [{"status": "affected", "version": "20.0.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:51:30.134Z"}}]}}