CVE-2023-24594

BIG-IP TMM SSL vulnerability

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

*Credits: F5

CVSS Scores

NISTv3.1 5.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-04-14 CVE Reserved
2023-05-03 CVE Published
2024-06-04 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://my.f5.com/manage/s/article/K000133132	2023-10-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
F5 Search vendor "F5"		Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager"				14.1.5 Search vendor "F5" for product "Big-ip Access Policy Manager" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager"				15.1.4.1 Search vendor "F5" for product "Big-ip Access Policy Manager" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager"				16.1.2 Search vendor "F5" for product "Big-ip Access Policy Manager" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager"				14.1.5 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager"				15.1.4.1 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager"				16.1.2 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Advanced Web Application Firewall Search vendor "F5" for product "Big-ip Advanced Web Application Firewall"				14.1.5 Search vendor "F5" for product "Big-ip Advanced Web Application Firewall" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Advanced Web Application Firewall Search vendor "F5" for product "Big-ip Advanced Web Application Firewall"				15.1.4.1 Search vendor "F5" for product "Big-ip Advanced Web Application Firewall" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Advanced Web Application Firewall Search vendor "F5" for product "Big-ip Advanced Web Application Firewall"				16.1.2 Search vendor "F5" for product "Big-ip Advanced Web Application Firewall" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Analytics Search vendor "F5" for product "Big-ip Analytics"				14.1.5 Search vendor "F5" for product "Big-ip Analytics" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Analytics Search vendor "F5" for product "Big-ip Analytics"				15.1.4.1 Search vendor "F5" for product "Big-ip Analytics" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Analytics Search vendor "F5" for product "Big-ip Analytics"				16.1.2 Search vendor "F5" for product "Big-ip Analytics" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Application Acceleration Manager Search vendor "F5" for product "Big-ip Application Acceleration Manager"				14.1.5 Search vendor "F5" for product "Big-ip Application Acceleration Manager" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Application Acceleration Manager Search vendor "F5" for product "Big-ip Application Acceleration Manager"				15.1.4.1 Search vendor "F5" for product "Big-ip Application Acceleration Manager" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Application Acceleration Manager Search vendor "F5" for product "Big-ip Application Acceleration Manager"				16.1.2 Search vendor "F5" for product "Big-ip Application Acceleration Manager" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Application Security Manager Search vendor "F5" for product "Big-ip Application Security Manager"				14.1.5 Search vendor "F5" for product "Big-ip Application Security Manager" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Application Security Manager Search vendor "F5" for product "Big-ip Application Security Manager"				15.1.4.1 Search vendor "F5" for product "Big-ip Application Security Manager" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Application Security Manager Search vendor "F5" for product "Big-ip Application Security Manager"				16.1.2 Search vendor "F5" for product "Big-ip Application Security Manager" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Application Visibility And Reporting Search vendor "F5" for product "Big-ip Application Visibility And Reporting"				14.1.5 Search vendor "F5" for product "Big-ip Application Visibility And Reporting" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Application Visibility And Reporting Search vendor "F5" for product "Big-ip Application Visibility And Reporting"				15.1.4.1 Search vendor "F5" for product "Big-ip Application Visibility And Reporting" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Application Visibility And Reporting Search vendor "F5" for product "Big-ip Application Visibility And Reporting"				16.1.2 Search vendor "F5" for product "Big-ip Application Visibility And Reporting" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Carrier-grade Nat Search vendor "F5" for product "Big-ip Carrier-grade Nat"				14.1.5 Search vendor "F5" for product "Big-ip Carrier-grade Nat" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Carrier-grade Nat Search vendor "F5" for product "Big-ip Carrier-grade Nat"				15.1.4.1 Search vendor "F5" for product "Big-ip Carrier-grade Nat" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Carrier-grade Nat Search vendor "F5" for product "Big-ip Carrier-grade Nat"				16.1.2 Search vendor "F5" for product "Big-ip Carrier-grade Nat" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Ddos Hybrid Defender Search vendor "F5" for product "Big-ip Ddos Hybrid Defender"				14.1.5 Search vendor "F5" for product "Big-ip Ddos Hybrid Defender" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Ddos Hybrid Defender Search vendor "F5" for product "Big-ip Ddos Hybrid Defender"				15.1.4.1 Search vendor "F5" for product "Big-ip Ddos Hybrid Defender" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Ddos Hybrid Defender Search vendor "F5" for product "Big-ip Ddos Hybrid Defender"				16.1.2 Search vendor "F5" for product "Big-ip Ddos Hybrid Defender" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System"				14.1.5 Search vendor "F5" for product "Big-ip Domain Name System" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System"				15.1.4.1 Search vendor "F5" for product "Big-ip Domain Name System" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Domain Name System Search vendor "F5" for product "Big-ip Domain Name System"				16.1.2 Search vendor "F5" for product "Big-ip Domain Name System" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Edge Gateway Search vendor "F5" for product "Big-ip Edge Gateway"				14.1.5 Search vendor "F5" for product "Big-ip Edge Gateway" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Edge Gateway Search vendor "F5" for product "Big-ip Edge Gateway"				15.1.4.1 Search vendor "F5" for product "Big-ip Edge Gateway" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Edge Gateway Search vendor "F5" for product "Big-ip Edge Gateway"				16.1.2 Search vendor "F5" for product "Big-ip Edge Gateway" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Fraud Protection Service Search vendor "F5" for product "Big-ip Fraud Protection Service"				14.1.5 Search vendor "F5" for product "Big-ip Fraud Protection Service" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Fraud Protection Service Search vendor "F5" for product "Big-ip Fraud Protection Service"				15.1.4.1 Search vendor "F5" for product "Big-ip Fraud Protection Service" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Fraud Protection Service Search vendor "F5" for product "Big-ip Fraud Protection Service"				16.1.2 Search vendor "F5" for product "Big-ip Fraud Protection Service" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager"				14.1.5 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager"				15.1.4.1 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Global Traffic Manager Search vendor "F5" for product "Big-ip Global Traffic Manager"				16.1.2 Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Link Controller Search vendor "F5" for product "Big-ip Link Controller"				14.1.5 Search vendor "F5" for product "Big-ip Link Controller" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Link Controller Search vendor "F5" for product "Big-ip Link Controller"				15.1.4.1 Search vendor "F5" for product "Big-ip Link Controller" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Link Controller Search vendor "F5" for product "Big-ip Link Controller"				16.1.2 Search vendor "F5" for product "Big-ip Link Controller" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Local Traffic Manager Search vendor "F5" for product "Big-ip Local Traffic Manager"				14.1.5 Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Local Traffic Manager Search vendor "F5" for product "Big-ip Local Traffic Manager"				15.1.4.1 Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Local Traffic Manager Search vendor "F5" for product "Big-ip Local Traffic Manager"				16.1.2 Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Next Service Proxy For Kubernetes Search vendor "F5" for product "Big-ip Next Service Proxy For Kubernetes"				1.5.0 Search vendor "F5" for product "Big-ip Next Service Proxy For Kubernetes" and version "1.5.0"		-		Affected
F5 Search vendor "F5"		Big-ip Policy Enforcement Manager Search vendor "F5" for product "Big-ip Policy Enforcement Manager"				14.1.5 Search vendor "F5" for product "Big-ip Policy Enforcement Manager" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Policy Enforcement Manager Search vendor "F5" for product "Big-ip Policy Enforcement Manager"				15.1.4.1 Search vendor "F5" for product "Big-ip Policy Enforcement Manager" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Policy Enforcement Manager Search vendor "F5" for product "Big-ip Policy Enforcement Manager"				16.1.2 Search vendor "F5" for product "Big-ip Policy Enforcement Manager" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Ssl Orchestrator Search vendor "F5" for product "Big-ip Ssl Orchestrator"				14.1.5 Search vendor "F5" for product "Big-ip Ssl Orchestrator" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Ssl Orchestrator Search vendor "F5" for product "Big-ip Ssl Orchestrator"				15.1.4.1 Search vendor "F5" for product "Big-ip Ssl Orchestrator" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Ssl Orchestrator Search vendor "F5" for product "Big-ip Ssl Orchestrator"				16.1.2 Search vendor "F5" for product "Big-ip Ssl Orchestrator" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Webaccelerator Search vendor "F5" for product "Big-ip Webaccelerator"				14.1.5 Search vendor "F5" for product "Big-ip Webaccelerator" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Webaccelerator Search vendor "F5" for product "Big-ip Webaccelerator"				15.1.4.1 Search vendor "F5" for product "Big-ip Webaccelerator" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Webaccelerator Search vendor "F5" for product "Big-ip Webaccelerator"				16.1.2 Search vendor "F5" for product "Big-ip Webaccelerator" and version "16.1.2"		-		Affected
F5 Search vendor "F5"		Big-ip Websafe Search vendor "F5" for product "Big-ip Websafe"				14.1.5 Search vendor "F5" for product "Big-ip Websafe" and version "14.1.5"		-		Affected
F5 Search vendor "F5"		Big-ip Websafe Search vendor "F5" for product "Big-ip Websafe"				15.1.4.1 Search vendor "F5" for product "Big-ip Websafe" and version "15.1.4.1"		-		Affected
F5 Search vendor "F5"		Big-ip Websafe Search vendor "F5" for product "Big-ip Websafe"				16.1.2 Search vendor "F5" for product "Big-ip Websafe" and version "16.1.2"		-		Affected