{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23976", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2024-02-01T22:13:26.339Z", "datePublished": "2024-02-14T16:30:20.173Z", "dateUpdated": "2024-08-01T23:13:08.251Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["Appliance Mode"], "product": "BIG-IP", "vendor": "F5", "versions": [{"lessThan": "17.1.1", "status": "affected", "version": "17.1.0", "versionType": "custom"}, {"lessThan": "16.1.4", "status": "affected", "version": "16.1.0 ", "versionType": "custom"}, {"lessThan": "15.1.9", "status": "affected", "version": "15.1.0 ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "datePublic": "2024-02-14T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance<br>mode restrictions utilizing iAppsLX templates on a BIG-IP system. &nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "value": "When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance\nmode restrictions utilizing iAppsLX templates on a BIG-IP system. \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-02-14T16:30:20.173Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K91054692"}], "source": {"discovery": "INTERNAL"}, "title": "BIG-IP Appliance mode iAppsLX vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"affected": [{"vendor": "f5", "product": "big-ip", "cpes": ["cpe:2.3:a:f5:big-ip:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "17.1.0", "status": "affected", "lessThan": "17.1.1", "versionType": "custom"}, {"version": "16.1.0", "status": "affected", "lessThan": "16.1.4", "versionType": "custom"}, {"version": "15.1.0", "status": "affected", "lessThan": "15.1.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-15T16:29:49.640013Z", "id": "CVE-2024-23976", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T17:56:07.282Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.251Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.f5.com/manage/s/article/K91054692"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://my.f5.com/manage/s/article/K91054692", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.251Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23976", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-15T16:29:49.640013Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:f5:big-ip:-:*:*:*:*:*:*:*"], "vendor": "f5", "product": "big-ip", "versions": [{"status": "affected", "version": "17.1.0", "lessThan": "17.1.1", "versionType": "custom"}, {"status": "affected", "version": "16.1.0", "lessThan": "16.1.4", "versionType": "custom"}, {"status": "affected", "version": "15.1.0", "lessThan": "15.1.9", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T17:48:43.124Z"}}], "cna": {"title": "BIG-IP Appliance mode iAppsLX vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "modules": ["Appliance Mode"], "product": "BIG-IP", "versions": [{"status": "affected", "version": "17.1.0", "lessThan": "17.1.1", "versionType": "custom"}, {"status": "affected", "version": "16.1.0 ", "lessThan": "16.1.4", "versionType": "custom"}, {"status": "affected", "version": "15.1.0 ", "lessThan": "15.1.9", "versionType": "custom"}], "defaultStatus": "unknown"}], "datePublic": "2024-02-14T15:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K91054692", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "F5 SIRTBot v1.0"}, "descriptions": [{"lang": "en", "value": "When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance\nmode restrictions utilizing iAppsLX templates on a BIG-IP system. \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "supportingMedia": [{"type": "text/html", "value": "When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance<br>mode restrictions utilizing iAppsLX templates on a BIG-IP system. &nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-02-14T16:30:20.173Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23976", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:13:08.251Z", "dateReserved": "2024-02-01T22:13:26.339Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2024-02-14T16:30:20.173Z", "assignerShortName": "f5"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance\nmode restrictions utilizing iAppsLX templates on a BIG-IP system. \u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"}, {"lang": "es", "value": "Cuando se ejecuta en modo Dispositivo, un atacante autenticado al que se le haya asignado la funci\u00f3n de Administrador puede eludir las restricciones del modo Dispositivo utilizando plantillas iAppsLX en un sistema BIG-IP. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan"}], "id": "CVE-2024-23976", "lastModified": "2024-02-14T18:04:45.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2024-02-14T17:15:14.273", "references": [{"source": "f5sirt@f5.com", "url": "https://my.f5.com/manage/s/article/K91054692"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "f5sirt@f5.com", "type": "Secondary"}]}

{}