CVE-2024-23314 - Vulnerability Details

Description

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Published: 2024-02-14

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

BIG-IP

unknown

Version	Status	Constraints
`17.1.0`	affected	< 17.1.1
`16.1.0`	affected	< 16.1.4
`15.1.0`	affected	< 15.1.9

BIG-IP Next SPK

unknown

Version	Status	Constraints
`1.5.0`	affected	< 1.8.1

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:::::::*

Configuration 2 [-]

cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics:17.1.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:::::::*

Configuration 8 [-]

OR	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:::::::*

Configuration 10 [-]

OR	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller:17.1.0:::::::*

Configuration 11 [-]

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:::::::*

Configuration 12 [-]

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:::::::*

Configuration 13 [-]

cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-20832	When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00267.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://my.f5.com/manage/s/article/K000137675

History

Thu, 23 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		F5 F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Domain Name System F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Next Service Proxy For Kubernetes F5 big-ip Policy Enforcement Manager F5 big-iq Centralized Management
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_analytics:::::::: cpe:2.3:a:f5:big-ip_analytics:17.1.0:::::::* cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:::::::* cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:::::::* cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-ip_link_controller:17.1.0:::::::* cpe:2.3:a:f5:big-ip_local_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:::::::* cpe:2.3:a:f5:big-iq_centralized_management::::::::
Vendors & Products		F5 F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Domain Name System F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Next Service Proxy For Kubernetes F5 big-ip Policy Enforcement Manager F5 big-iq Centralized Management

Subscriptions

F5 Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Domain Name System Big-ip Fraud Protection Service Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Next Service Proxy For Kubernetes Big-ip Policy Enforcement Manager Big-iq Centralized Management

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2024-02-14T16:30:23.152Z

Updated: 2024-08-27T15:25:06.327Z

Reserved: 2024-02-01T22:13:26.379Z

Link: CVE-2024-23314

Vulnrichment

Updated: 2024-08-01T22:59:32.204Z

NVD

Status : Analyzed

Published: 2024-02-14T17:15:13.387

Modified: 2025-01-23T19:52:38.097

Link: CVE-2024-23314

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object