// For flags

CVE-2024-23982

BIG-IP PEM vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Cuando se configura un perfil de clasificación BIG-IP PEM en un servidor virtual UDP, las solicitudes no divulgadas pueden provocar la finalización del Microkernel de gestión de tráfico (TMM). Este problema afecta a los motores de clasificación que utilizan firmas publicadas entre el 08-09-2022 y el 16-02-2023. Consulte la tabla en el Aviso de seguridad F5 para obtener una lista completa de los archivos de firmas de clasificación afectados. NOTA: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

*Credits: F5
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-01 CVE Reserved
  • 2024-02-14 CVE Published
  • 2024-08-21 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-121: Stack-based Buffer Overflow
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://my.f5.com/manage/s/article/K000135946 2024-02-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
F5
Search vendor "F5"
 Big-ip Pem
Search vendor "F5" for product "Big-ip Pem"
*-
Affected
F5
Search vendor "F5"
 Big-ip Policy Enforcement Manager
Search vendor "F5" for product "Big-ip Policy Enforcement Manager"
*-
Affected
F5
Search vendor "F5"
 Big-ip
Search vendor "F5" for product "Big-ip"
*-
Affected