CVE-2024-23982 - Vulnerability Details - OpenCVE

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Policy Enforcement Manager

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::

No data.

References

Link	Providers
https://my.f5.com/manage/s/article/K000135946

History

Thu, 12 Dec 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		F5 F5 big-ip Policy Enforcement Manager
Weaknesses		CWE-787
CPEs		cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
Vendors & Products		F5 F5 big-ip Policy Enforcement Manager

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2024-02-14T16:35:08.991Z

Updated: 2024-08-21T15:47:02.775Z

Reserved: 2024-02-01T22:13:58.474Z

Link: CVE-2024-23982

Vulnrichment

Updated: 2024-08-01T23:13:08.424Z

NVD

Status : Analyzed

Published: 2024-02-14T17:15:14.637

Modified: 2024-12-12T19:07:57.403

Link: CVE-2024-23982

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23982", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2024-02-01T22:13:58.474Z", "datePublished": "2024-02-14T16:35:08.991Z", "dateUpdated": "2024-08-21T15:47:02.775Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["PEM"], "product": "BIG-IP", "vendor": "F5", "versions": [{"changes": [{"at": "classification-update-17.0.0-20220919_0728.im", "status": "affected"}, {"at": "classification-update-17.0.0-20220929_1149.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221014_1320.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221027_0652.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221110_0614.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221125_0422.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221212_0929.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221222_0627.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230105_0508.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230120_1249.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230203_1610.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230216_0811.im", "status": "affected"}, {"at": "classification_updates_17.0.0-20230302_1513.im", "status": "unaffected"}], "lessThan": "*", "status": "unaffected", "version": "17.0.0", "versionType": "custom"}, {"changes": [{"at": "classification-update-16.1.0-20220919_0728.im", "status": "affected"}, {"at": "classification-update-16.1.0-20220929_1149.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221014_1320.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221027_0652.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221110_0614.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221125_0422.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221212_0929.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221222_0627.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230105_0508.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230120_1249.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230203_1610.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230216_0811.im", "status": "affected"}, {"at": "classification_updates_16.1.0-20230302_1513.im", "status": "unaffected"}], "lessThan": "*", "status": "unaffected", "version": "16.1.0", "versionType": "custom"}, {"changes": [{"at": "classification-update-15.1.0-20220919_0728.im", "status": "affected"}, {"at": "classification-update-15.1.0-20220929_1149.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221014_1320.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221027_0652.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221110_0614.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221125_0422.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221212_0929.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221222_0627.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230105_0508.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230120_1249.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230203_1610.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230216_0811.im", "status": "affected"}, {"at": "classification_updates_15.1.0-20230302_1513.im", "status": "unaffected"}], "lessThan": "*", "status": "unaffected", "version": "15.1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "datePublic": "2024-02-14T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. </span> NOTE: </span>Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "value": "\n\n\nWhen a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.\u00a0\u00a0NOTE:\u00a0Software versions which have reached End of Technical Support (EoTS) are not evaluated"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-02-14T16:35:08.991Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000135946"}], "source": {"discovery": "INTERNAL"}, "title": "BIG-IP PEM vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.424Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.f5.com/manage/s/article/K000135946"}]}, {"affected": [{"vendor": "f5", "product": "big-ip_pem", "cpes": ["cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "17.1.0", "status": "affected", "lessThanOrEqual": "17.1.1", "versionType": "custom"}, {"version": "16.1.0", "status": "affected", "lessThanOrEqual": "16.1.4", "versionType": "custom"}, {"version": "15.1.0", "status": "affected", "lessThanOrEqual": "15.1.10", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T15:40:50.583628Z", "id": "CVE-2024-23982", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:47:02.775Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://my.f5.com/manage/s/article/K000135946", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.424Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23982", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T15:40:50.583628Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*"], "vendor": "f5", "product": "big-ip_pem", "versions": [{"status": "affected", "version": "17.1.0", "versionType": "custom", "lessThanOrEqual": "17.1.1"}, {"status": "affected", "version": "16.1.0", "versionType": "custom", "lessThanOrEqual": "16.1.4"}, {"status": "affected", "version": "15.1.0", "versionType": "custom", "lessThanOrEqual": "15.1.10"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:45:27.295Z"}}], "cna": {"title": "BIG-IP PEM vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "modules": ["PEM"], "product": "BIG-IP", "versions": [{"status": "unaffected", "changes": [{"at": "classification-update-17.0.0-20220919_0728.im", "status": "affected"}, {"at": "classification-update-17.0.0-20220929_1149.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221014_1320.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221027_0652.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221110_0614.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221125_0422.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221212_0929.im", "status": "affected"}, {"at": "classification-update-17.0.0-20221222_0627.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230105_0508.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230120_1249.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230203_1610.im", "status": "affected"}, {"at": "classification-update-17.0.0-20230216_0811.im", "status": "affected"}, {"at": "classification_updates_17.0.0-20230302_1513.im", "status": "unaffected"}], "version": "17.0.0", "lessThan": "*", "versionType": "custom"}, {"status": "unaffected", "changes": [{"at": "classification-update-16.1.0-20220919_0728.im", "status": "affected"}, {"at": "classification-update-16.1.0-20220929_1149.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221014_1320.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221027_0652.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221110_0614.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221125_0422.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221212_0929.im", "status": "affected"}, {"at": "classification-update-16.1.0-20221222_0627.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230105_0508.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230120_1249.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230203_1610.im", "status": "affected"}, {"at": "classification-update-16.1.0-20230216_0811.im", "status": "affected"}, {"at": "classification_updates_16.1.0-20230302_1513.im", "status": "unaffected"}], "version": "16.1.0", "lessThan": "*", "versionType": "custom"}, {"status": "unaffected", "changes": [{"at": "classification-update-15.1.0-20220919_0728.im", "status": "affected"}, {"at": "classification-update-15.1.0-20220929_1149.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221014_1320.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221027_0652.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221110_0614.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221125_0422.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221212_0929.im", "status": "affected"}, {"at": "classification-update-15.1.0-20221222_0627.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230105_0508.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230120_1249.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230203_1610.im", "status": "affected"}, {"at": "classification-update-15.1.0-20230216_0811.im", "status": "affected"}, {"at": "classification_updates_15.1.0-20230302_1513.im", "status": "unaffected"}], "version": "15.1.0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "datePublic": "2024-02-14T15:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K000135946", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "F5 SIRTBot v1.0"}, "descriptions": [{"lang": "en", "value": "\n\n\nWhen a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.\u00a0\u00a0NOTE:\u00a0Software versions which have reached End of Technical Support (EoTS) are not evaluated", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. </span> NOTE: </span>Software versions which have reached End of Technical Support (EoTS) are not evaluated", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2024-02-14T16:35:08.991Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23982", "state": "PUBLISHED", "dateUpdated": "2024-08-21T15:47:02.775Z", "dateReserved": "2024-02-01T22:13:58.474Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2024-02-14T16:35:08.991Z", "assignerShortName": "f5"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D", "versionEndIncluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2", "versionEndIncluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "17523F89-DF78-45B7-AEAB-A4886E99E08B", "versionEndIncluding": "17.1.1", "versionStartIncluding": "17.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\nWhen a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.\u00a0\u00a0NOTE:\u00a0Software versions which have reached End of Technical Support (EoTS) are not evaluated"}, {"lang": "es", "value": "Cuando se configura un perfil de clasificaci\u00f3n BIG-IP PEM en un servidor virtual UDP, las solicitudes no divulgadas pueden provocar la finalizaci\u00f3n del Microkernel de gesti\u00f3n de tr\u00e1fico (TMM). Este problema afecta a los motores de clasificaci\u00f3n que utilizan firmas publicadas entre el 08-09-2022 y el 16-02-2023. Consulte la tabla en el Aviso de seguridad F5 para obtener una lista completa de los archivos de firmas de clasificaci\u00f3n afectados. NOTA: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan"}], "id": "CVE-2024-23982", "lastModified": "2024-12-12T19:07:57.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "f5sirt@f5.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-14T17:15:14.637", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000135946"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000135946"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "f5sirt@f5.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}