Skip to main content

Big Ip Next Cloud Native Network Functions CVE-2024-28132

MEDIUM
Insecure Storage of Sensitive Information (CWE-922)
2024-05-08 f5sirt@f5.com
4.4
CVSS 3.1 · Vendor: f5
Share

Severity by source

Vendor (f5) PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (f5) · only source for this CVE.

CVSS VectorVendor: f5

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 08, 2024 - 15:15 cve.org
MEDIUM 4.4

DescriptionCVE.org

Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AnalysisAI

Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-922. Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Affected products include: F5 Big-Ip Next Cloud-Native Network Functions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-45886 HIGH POC
7.5 Nov 21

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending

CVE-2025-36504 HIGH
8.7 May 07

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase i

CVE-2025-24312 HIGH
8.7 Feb 05

When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server

CVE-2024-41164 HIGH
8.2 Aug 14

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with co

CVE-2024-25560 HIGH
7.5 May 08

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM)

CVE-2024-23306 HIGH
7.1 Feb 14

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Rated hi

CVE-2025-54500 MEDIUM
6.9 Aug 13

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to bre

CVE-2025-41414 HIGH
8.7 May 07

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate

CVE-2025-41399 HIGH
8.7 May 07

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can c

CVE-2025-36557 HIGH
8.7 May 07

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can

Share

CVE-2024-28132 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy