Skip to main content

Big Ip Next Cloud Native Network Functions CVE-2024-23306

HIGH
Insufficiently Protected Credentials (CWE-522)
2024-02-14 f5sirt@f5.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 14, 2024 - 17:15 nvd
HIGH 7.1

DescriptionNVD

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

AnalysisAI

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Affected products include: F5 Big-Ip Next Cloud-Native Network Functions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

CVE-2023-45886 HIGH POC
7.5 Nov 21

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending

CVE-2025-36504 HIGH
8.7 May 07

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase i

CVE-2025-24312 HIGH
8.7 Feb 05

When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server

CVE-2024-41164 HIGH
8.2 Aug 14

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with co

CVE-2024-25560 HIGH
7.5 May 08

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM)

CVE-2024-28132 MEDIUM
4.4 May 08

Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker

CVE-2025-54500 MEDIUM
6.9 Aug 13

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to bre

CVE-2025-41414 HIGH
8.7 May 07

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate

CVE-2025-41399 HIGH
8.7 May 07

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can c

CVE-2025-36557 HIGH
8.7 May 07

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can

Share

CVE-2024-23306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy