CVE-2024-22389 - Vulnerability Details

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Domain Name System Big-ip Fraud Protection Service Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Policy Enforcement Manager Big-iq Centralized Management

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:::::::*

Configuration 2 [-]

cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics:17.1.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:::::::*

Configuration 8 [-]

OR	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:::::::*

Configuration 10 [-]

OR	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller:17.1.0:::::::*

Configuration 11 [-]

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:::::::*

Configuration 12 [-]

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:::::::*

No data.

References

Link	Providers
https://my.f5.com/manage/s/article/K32544615

History

Thu, 23 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		F5 F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Domain Name System F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Policy Enforcement Manager F5 big-iq Centralized Management
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_analytics:::::::: cpe:2.3:a:f5:big-ip_analytics:17.1.0:::::::* cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:::::::* cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:::::::* cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-ip_link_controller:17.1.0:::::::* cpe:2.3:a:f5:big-ip_local_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:::::::* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:::::::* cpe:2.3:a:f5:big-iq_centralized_management::::::::
Vendors & Products		F5 F5 big-ip Access Policy Manager F5 big-ip Advanced Firewall Manager F5 big-ip Analytics F5 big-ip Application Acceleration Manager F5 big-ip Application Security Manager F5 big-ip Domain Name System F5 big-ip Fraud Protection Service F5 big-ip Global Traffic Manager F5 big-ip Link Controller F5 big-ip Local Traffic Manager F5 big-ip Policy Enforcement Manager F5 big-iq Centralized Management

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2024-02-14T16:30:19.797Z

Updated: 2024-08-16T18:11:12.661Z

Reserved: 2024-02-01T22:13:26.333Z

Link: CVE-2024-22389

Vulnrichment

Updated: 2024-08-01T22:43:34.665Z

NVD

Status : Analyzed

Published: 2024-02-14T17:15:12.803

Modified: 2025-01-23T19:51:22.007

Link: CVE-2024-22389

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object