The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 19 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:f5:big-ip_next_central_manager:20.1.0:*:*:*:*:*:*:*

Wed, 14 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 big-ip Next Central Manager
CPEs cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*
Vendors & Products F5
F5 big-ip Next Central Manager
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
Description The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Title BIG-IP Next Central Manager vulnerability
Weaknesses CWE-613
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2024-08-22T03:55:17.142Z

Reserved: 2024-07-22T19:43:52.853Z

Link: CVE-2024-39809

cve-icon Vulnrichment

Updated: 2024-08-14T18:55:29.244Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-14T15:15:26.820

Modified: 2024-08-19T16:19:52.530

Link: CVE-2024-39809

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.