Memory Information Disclosure in F5 BIG-IP APM and FirePass
CVE-2013-6024

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Access Policy Manager; Firepass; Big-ip Edge Gateway
Vendor: CVE Published:; 10 February 2014

What is CVE-2013-6024?

The Edge Client components within F5 BIG-IP APM and FirePass products permit unauthorized access to sensitive information through unregulated memory access. Attackers leverage specific vectors to extract information from process memory, which could lead to severe confidentiality breaches. Ensuring that affected versions are updated promptly is crucial to maintaining security integrity.

References

http://support.f5.com/kb/en-us/solutions/public/14000/900...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/146430

third-party-advisoryx_refsource_CERT-VN

https://support.f5.com/csp/article/K14969

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2014
Vulnerability Reserved
Oct 4, 2013