2024-02-14 19:01:09 +00:00
{
"id" : "CVE-2024-22093" ,
"sourceIdentifier" : "f5sirt@f5.com" ,
"published" : "2024-02-14T17:15:12.607" ,
2025-01-23 21:03:44 +00:00
"lastModified" : "2025-01-23T19:51:12.397" ,
"vulnStatus" : "Analyzed" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2024-02-14 19:01:09 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
2024-04-04 08:46:00 +00:00
} ,
{
"lang" : "es" ,
"value" : "Cuando se ejecuta en modo dispositivo, existe una vulnerabilidad de inyecci\u00f3n remota de comandos autenticada en un endpoint iControl REST no revelado en sistemas multiblade. Un exploit exitoso puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan"
2024-02-14 19:01:09 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "f5sirt@f5.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 8.7 ,
"baseSeverity" : "HIGH" ,
2024-02-14 19:01:09 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-02-14 19:01:09 +00:00
} ,
"exploitabilityScore" : 2.3 ,
"impactScore" : 5.8
2025-01-23 21:03:44 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" ,
"baseScore" : 9.6 ,
"baseSeverity" : "CRITICAL" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 3.1 ,
"impactScore" : 5.8
2024-02-14 19:01:09 +00:00
}
]
} ,
"weaknesses" : [
{
"source" : "f5sirt@f5.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-77"
}
]
2025-01-23 21:03:44 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-77"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "F11226F6-9080-4126-ACBD-7211A2746214"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "A8F16422-A642-4614-96F2-E5B4877E8206"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "8.0.0" ,
"versionEndIncluding" : "8.3.0" ,
"matchCriteriaId" : "1B4F2DBC-4DA1-42D8-9BD9-2EAADA27CCDE"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "16795277-E8E2-4713-BD65-207655546649"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "59203EBF-C52A-45A1-B8DF-00E17E3EFB51"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "F005EFFD-3A40-4762-B0D6-8760C406130F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5C698C1C-A3DD-46E2-B05A-12F2604E7F85"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "377DE308-CF91-488A-B296-30A3B09451D3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "87670A74-34FE-45DF-A725-25B804C845B3"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ABBD10E8-6054-408F-9687-B9BF6375CA09"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "7DB6C626-BA78-4C06-8582-BFFCDF957429"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "83794B04-87E2-4CA9-81F5-BB820D0F5395"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "E68BFC75-6977-4644-A169-48263B896849"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0A6E7035-3299-474F-8F67-945EA9A059D0"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "672067B7-C838-4F0B-B3D0-E85F71715B0A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "15.1.0" ,
"versionEndExcluding" : "15.1.9" ,
"matchCriteriaId" : "1871634A-7609-4D01-8469-3D86F36DC19D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "16.1.0" ,
"versionEndExcluding" : "16.1.4" ,
"matchCriteriaId" : "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "667EB77B-DA13-4BA4-9371-EE3F3A109F38"
}
]
}
]
2024-02-14 19:01:09 +00:00
}
] ,
"references" : [
{
"url" : "https://my.f5.com/manage/s/article/K000137522" ,
2025-01-23 21:03:44 +00:00
"source" : "f5sirt@f5.com" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://my.f5.com/manage/s/article/K000137522" ,
2025-01-23 21:03:44 +00:00
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2024-02-14 19:01:09 +00:00
}
]
}
