CVE-2024-21849

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000135873	Vendor Advisory
https://my.f5.com/manage/s/article/K000135873	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::

History

12 Dec 2024, 19:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
References	~~() https://my.f5.com/manage/s/article/K000135873 -~~	() https://my.f5.com/manage/s/article/K000135873 - Vendor Advisory
CWE		NVD-CWE-Other
First Time		F5 big-ip Advanced Web Application Firewall F5 F5 big-ip Application Security Manager
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

14 Feb 2024, 18:04

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-14 17:15

Updated : 2024-12-12 19:10

NVD link : CVE-2024-21849

Mitre link : CVE-2024-21849

JSON object : View

Products Affected

big-ip_advanced_web_application_firewall
big-ip_application_security_manager

CWE

NVD-CWE-Other

7.5 /10