CVE-2024-33612

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000139012	Vendor Advisory
https://my.f5.com/manage/s/article/K000139012	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*

History

12 Dec 2024, 18:59

Type	Values Removed	Values Added
References	~~() https://my.f5.com/manage/s/article/K000139012 -~~	() https://my.f5.com/manage/s/article/K000139012 - Vendor Advisory
First Time		F5 F5 big-ip Next Central Manager
CPE		cpe:2.3:a:f5:big-ip_next_central_manager::::::::

21 Nov 2024, 09:17

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de validación de certificados incorrecta en BIG-IP Next Central Manager y puede permitir que un atacante se haga pasar por un sistema de proveedor de instancias. Una explotación exitosa de esta vulnerabilidad puede permitir al atacante cruzar un límite de seguridad. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan.
References	~~() https://my.f5.com/manage/s/article/K000139012 -~~	() https://my.f5.com/manage/s/article/K000139012 -

08 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-08 15:15

Updated : 2024-12-12 18:59

NVD link : CVE-2024-33612

Mitre link : CVE-2024-33612

CVE.ORG link : CVE-2024-33612

JSON object : View

Products Affected

f5

big-ip_next_central_manager

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2024-33612", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.6}]}, "published": "2024-05-08T15:15:11.113", "references": [{"url": "https://my.f5.com/manage/s/article/K000139012", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "https://my.f5.com/manage/s/article/K000139012", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "\n\n\nAn improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de certificados incorrecta en BIG-IP Next Central Manager y puede permitir que un atacante se haga pasar por un sistema de proveedor de instancias. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan."}], "lastModified": "2024-12-12T18:59:00.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6374E209-0433-4CFF-A5C7-A9DA884F3E31", "versionEndExcluding": "20.2.0", "versionStartIncluding": "20.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}