Timing Side-Channel Vulnerability in F5 BIG-IP Systems
CVE-2014-4024

5.9MEDIUM

Key Information:

Vendor
F5
Status
Big-ip Local Traffic Manager
Vendor
CVE Published:
19 March 2018

Summary

The F5 BIG-IP systems are vulnerable to a timing side-channel attack that could be exploited by remote attackers when the systems are used in conjunction with third-party SSL accelerator cards. This vulnerability occurs in SSL virtual servers and can lead to unspecified impacts, potentially allowing attackers to gain sensitive information or manipulate processes without detection.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95834
vdb-entryx_refsource_XF
https://support.f5.com/csp/article/K15500
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.