F5 BIG-IP APM Vulnerability Allows Attackers to Bypass Endpoint Inspection

CVE-2024-28883

7.4HIGH

Key Information

Vendor: F5
Status: Big-ip Edge Client; Big-ip
Vendor: CVE Published:; 8 May 2024

Summary

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

BIG-IP Edge Client < 7.2.4.4

BIG-IP < 17.1.1

BIG-IP < 16.1.4.2

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 8, 2024
Vulnerability Reserved.
Apr 24, 2024

Collectors

NVD DatabaseMitre Database

Key Information

Summary

Affected Version(s)

CVSS V3.1

Timeline

Collectors

Credit