ByteOS Network

Vulnerability Details :

CVE-2024-23314

Assigner-f5

Assigner Org ID-9dacffd4-cb11-413f-8451-fbbfd4ddc0ab

Published At-14 Feb, 2024 | 16:30

Updated At-27 Aug, 2024 | 15:25

BIG-IP HTTP/2 vulnerability

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:f5

Assigner Org ID:9dacffd4-cb11-413f-8451-fbbfd4ddc0ab

Published At:14 Feb, 2024 | 16:30

Updated At:27 Aug, 2024 | 15:25

▼CVE Numbering Authority (CNA)

BIG-IP HTTP/2 vulnerability

Affected Products

Vendor

F5, Inc.

Product

BIG-IP

Modules

All Modules

Default Status

unknown

Versions

Affected

From 17.1.0 before 17.1.1 (custom)
From 16.1.0 before 16.1.4 (custom)
From 15.1.0 before 15.1.9 (custom)

Vendor

F5, Inc.

Product

BIG-IP Next SPK

Default Status

unknown

Versions

Affected

From 1.5.0 before 1.8.1 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-908	CWE-908 Use of Uninitialized Resource

Type: CWE

CWE ID: CWE-908

Description: CWE-908 Use of Uninitialized Resource

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credits

finder

References

Hyperlink	Resource
https://my.f5.com/manage/s/article/K000137675	vendor-advisory

Hyperlink: https://my.f5.com/manage/s/article/K000137675

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

F5, Inc.

Product

big-ip_next_service_proxy_for_kubernetes

CPEs

cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:1.5.0:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 1.5.0 before 1.8.1 (custom)

Vendor

F5, Inc.

Product

big-ip

CPEs

cpe:2.3:a:f5:big-ip:15.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip:16.1.0:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip:17.1.0:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 15.1.0 before 15.1.9 (custom)
From 16.1.0 before 16.1.4 (custom)
From 17.1.0 before 17.1.1 (custom)

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://my.f5.com/manage/s/article/K000137675	vendor-advisory x_transferred

Hyperlink: https://my.f5.com/manage/s/article/K000137675

Resource:

vendor-advisory

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:f5sirt@f5.com

Published At:14 Feb, 2024 | 17:15

Updated At:23 Jan, 2025 | 19:52

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

F5, Inc.

>>big-ip_access_policy_manager>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_access_policy_manager>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_access_policy_manager>>17.1.0

cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-iq_centralized_management>>Versions from 8.0.0(inclusive) to 8.3.0(inclusive)

cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_advanced_firewall_manager>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_advanced_firewall_manager>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_advanced_firewall_manager>>17.1.0

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_analytics>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_analytics>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_analytics>>17.1.0

cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_application_acceleration_manager>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_application_acceleration_manager>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_application_acceleration_manager>>17.1.0

cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_application_security_manager>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_application_security_manager>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_application_security_manager>>17.1.0

cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_domain_name_system>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_domain_name_system>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_domain_name_system>>17.1.0

cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_fraud_protection_service>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_fraud_protection_service>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_fraud_protection_service>>17.1.0

cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_global_traffic_manager>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_global_traffic_manager>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_global_traffic_manager>>17.1.0

cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_link_controller>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_link_controller>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_link_controller>>17.1.0

cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_local_traffic_manager>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_local_traffic_manager>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_local_traffic_manager>>17.1.0

cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_policy_enforcement_manager>>Versions from 15.1.0(inclusive) to 15.1.9(exclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_policy_enforcement_manager>>Versions from 16.1.0(inclusive) to 16.1.4(exclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_policy_enforcement_manager>>17.1.0

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*

F5, Inc.

>>big-ip_next_service_proxy_for_kubernetes>>Versions from 1.5.0(inclusive) to 1.8.1(exclusive)

cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-908	Secondary	f5sirt@f5.com
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: CWE-908

Type: Secondary

Source: f5sirt@f5.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://my.f5.com/manage/s/article/K000137675	f5sirt@f5.com	Vendor Advisory
https://my.f5.com/manage/s/article/K000137675	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory

Hyperlink: https://my.f5.com/manage/s/article/K000137675

Source: f5sirt@f5.com

Resource:

Vendor Advisory

Hyperlink: https://my.f5.com/manage/s/article/K000137675

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

CVE-2024-23314

Credits

BIG-IP HTTP/2 vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs