5.3
CVE-2023-24594
- EPSS 0.14%
- Published 03.05.2023 15:15:12
- Last modified 21.11.2024 07:48:12
- Source f5sirt@f5.com
- Teams watchlist Login
- Open Login
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Data is provided by the National Vulnerability Database (NVD)
F5 ≫ Big-ip Access Policy Manager Version14.1.5
F5 ≫ Big-ip Access Policy Manager Version15.1.4.1
F5 ≫ Big-ip Access Policy Manager Version16.1.2
F5 ≫ Big-ip Advanced Firewall Manager Version14.1.5
F5 ≫ Big-ip Advanced Firewall Manager Version15.1.4.1
F5 ≫ Big-ip Advanced Firewall Manager Version16.1.2
F5 ≫ Big-ip Advanced Web Application Firewall Version14.1.5
F5 ≫ Big-ip Advanced Web Application Firewall Version15.1.4.1
F5 ≫ Big-ip Advanced Web Application Firewall Version16.1.2
F5 ≫ Big-ip Analytics Version14.1.5
F5 ≫ Big-ip Analytics Version15.1.4.1
F5 ≫ Big-ip Analytics Version16.1.2
F5 ≫ Big-ip Application Acceleration Manager Version14.1.5
F5 ≫ Big-ip Application Acceleration Manager Version15.1.4.1
F5 ≫ Big-ip Application Acceleration Manager Version16.1.2
F5 ≫ Big-ip Application Security Manager Version14.1.5
F5 ≫ Big-ip Application Security Manager Version15.1.4.1
F5 ≫ Big-ip Application Security Manager Version16.1.2
F5 ≫ Big-ip Application Visibility And Reporting Version14.1.5
F5 ≫ Big-ip Application Visibility And Reporting Version15.1.4.1
F5 ≫ Big-ip Application Visibility And Reporting Version16.1.2
F5 ≫ Big-ip Carrier-grade Nat Version14.1.5
F5 ≫ Big-ip Carrier-grade Nat Version15.1.4.1
F5 ≫ Big-ip Carrier-grade Nat Version16.1.2
F5 ≫ Big-ip Ddos Hybrid Defender Version14.1.5
F5 ≫ Big-ip Ddos Hybrid Defender Version15.1.4.1
F5 ≫ Big-ip Ddos Hybrid Defender Version16.1.2
F5 ≫ Big-ip Domain Name System Version14.1.5
F5 ≫ Big-ip Domain Name System Version15.1.4.1
F5 ≫ Big-ip Domain Name System Version16.1.2
F5 ≫ Big-ip Edge Gateway Version14.1.5
F5 ≫ Big-ip Edge Gateway Version15.1.4.1
F5 ≫ Big-ip Edge Gateway Version16.1.2
F5 ≫ Big-ip Fraud Protection Service Version14.1.5
F5 ≫ Big-ip Fraud Protection Service Version15.1.4.1
F5 ≫ Big-ip Fraud Protection Service Version16.1.2
F5 ≫ Big-ip Global Traffic Manager Version14.1.5
F5 ≫ Big-ip Global Traffic Manager Version15.1.4.1
F5 ≫ Big-ip Global Traffic Manager Version16.1.2
F5 ≫ Big-ip Link Controller Version14.1.5
F5 ≫ Big-ip Link Controller Version15.1.4.1
F5 ≫ Big-ip Link Controller Version16.1.2
F5 ≫ Big-ip Local Traffic Manager Version14.1.5
F5 ≫ Big-ip Local Traffic Manager Version15.1.4.1
F5 ≫ Big-ip Local Traffic Manager Version16.1.2
F5 ≫ Big-ip Next Service Proxy For Kubernetes Version1.5.0
F5 ≫ Big-ip Policy Enforcement Manager Version14.1.5
F5 ≫ Big-ip Policy Enforcement Manager Version15.1.4.1
F5 ≫ Big-ip Policy Enforcement Manager Version16.1.2
F5 ≫ Big-ip Ssl Orchestrator Version14.1.5
F5 ≫ Big-ip Ssl Orchestrator Version15.1.4.1
F5 ≫ Big-ip Ssl Orchestrator Version16.1.2
F5 ≫ Big-ip Webaccelerator Version14.1.5
F5 ≫ Big-ip Webaccelerator Version15.1.4.1
F5 ≫ Big-ip Webaccelerator Version16.1.2
F5 ≫ Big-ip Websafe Version14.1.5
F5 ≫ Big-ip Websafe Version15.1.4.1
F5 ≫ Big-ip Websafe Version16.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.346 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| f5sirt@f5.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.