CVE-2024-28889

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000138912
https://my.f5.com/manage/s/article/K000138912

Configurations

No configuration.

History

21 Nov 2024, 09:07

Type	Values Removed	Values Added
References	~~() https://my.f5.com/manage/s/article/K000138912 -~~	() https://my.f5.com/manage/s/article/K000138912 -
Summary		(es) Cuando un perfil SSL con tieF5 Networksmpo de espera de alerta se configura con un valor no predeterminado en un servidor virtual, el tráfico no divulgado junto con condiciones fuera del control del atacante pueden hacer que el Microkernel de gestión de tráfico (TMM) finalice. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan.

08 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-08 15:15

Updated : 2024-11-21 09:07

NVD link : CVE-2024-28889

Mitre link : CVE-2024-28889

CVE.ORG link : CVE-2024-28889

JSON object : View

Products Affected

No product.

CWE

CWE-825

Expired Pointer Dereference

5.9 /10