Timing Side-Channel Vulnerability in F5 BIG-IP Systems
CVE-2014-4024

5.9MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Local Traffic Manager
Vendor: CVE Published:; 19 March 2018

What is CVE-2014-4024?

The F5 BIG-IP systems are vulnerable to a timing side-channel attack that could be exploited by remote attackers when the systems are used in conjunction with third-party SSL accelerator cards. This vulnerability occurs in SSL virtual servers and can lead to unspecified impacts, potentially allowing attackers to gain sensitive information or manipulate processes without detection.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95834

vdb-entryx_refsource_XF

https://support.f5.com/csp/article/K15500

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2018
Vulnerability Reserved
Jun 11, 2014