CVE-2024-22093
Appliance mode iControl REST vulnerability
Severity Score
8.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Cuando se ejecuta en modo dispositivo, existe una vulnerabilidad de inyección remota de comandos autenticada en un endpoint iControl REST no revelado en sistemas multiblade. Un exploit exitoso puede permitir al atacante cruzar un límite de seguridad. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan
*Credits:
F5
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-01 CVE Reserved
- 2024-02-14 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://my.f5.com/manage/s/article/K000137522 | 2024-02-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F5 Search vendor "F5" | BIG-IP Search vendor "F5" for product "BIG-IP" | >= 17.1.0 < 17.1.1 Search vendor "F5" for product "BIG-IP" and version " >= 17.1.0 < 17.1.1" | en |
Affected
| ||||||
| F5 Search vendor "F5" | BIG-IP Search vendor "F5" for product "BIG-IP" | >= 16.1.0 < 16.1.4 Search vendor "F5" for product "BIG-IP" and version " >= 16.1.0 < 16.1.4" | en |
Affected
| ||||||
| F5 Search vendor "F5" | BIG-IP Search vendor "F5" for product "BIG-IP" | >= 15.1.0 < 15.1.9 Search vendor "F5" for product "BIG-IP" and version " >= 15.1.0 < 15.1.9" | en |
Affected
| ||||||