CVE-2024-32761

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32761
Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://my.f5.com/manage/s/article/K000139217 Vendor Advisory
https://my.f5.com/manage/s/article/K000139217 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-05-08 15:15

Updated : 2026-02-03 01:15

NVD link : CVE-2024-32761

Mitre link : CVE-2024-32761

CVE.ORG link : CVE-2024-32761

JSON object : View

Products Affected

f5

  • big-ip_policy_enforcement_manager
  • big-ip_fraud_protection_service
  • big-ip_application_security_manager
  • big-ip_access_policy_manager
  • big-ip_automation_toolchain
  • big-ip_domain_name_system
  • big-ip_application_visibility_and_reporting
  • big-ip_advanced_web_application_firewall
  • big-ip_analytics
  • big-ip_container_ingress_services
  • big-ip_application_acceleration_manager
  • big-ip_advanced_firewall_manager
  • big-ip_ddos_hybrid_defender
  • big-ip_ssl_orchestrator
  • big-ip_local_traffic_manager
  • big-ip_global_traffic_manager
  • big-ip_websafe
  • big-ip_edge_gateway
  • big-ip_link_controller
  • big-ip_webaccelerator
  • big-ip_carrier-grade_nat
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer