{ "id": "CVE-2024-22093", "sourceIdentifier": "f5sirt@f5.com", "published": "2024-02-14T17:15:12.607", "lastModified": "2025-01-23T19:51:12.397", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated" }, { "lang": "es", "value": "Cuando se ejecuta en modo dispositivo, existe una vulnerabilidad de inyecci\u00f3n remota de comandos autenticada en un endpoint iControl REST no revelado en sistemas multiblade. Un exploit exitoso puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan" } ], "metrics": { "cvssMetricV31": [ { "source": "f5sirt@f5.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 5.8 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 3.1, "impactScore": 5.8 } ] }, "weaknesses": [ { "source": "f5sirt@f5.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-77" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-77" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.3.0", "matchCriteriaId": "1B4F2DBC-4DA1-42D8-9BD9-2EAADA27CCDE" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.9", "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.1.0", "versionEndExcluding": "16.1.4", "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38" } ] } ] } ], "references": [ { "url": "https://my.f5.com/manage/s/article/K000137522", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://my.f5.com/manage/s/article/K000137522", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }