Improper Certificate Validation Vulnerability in BIG-IP Central Manager Could Allow Impersonation of Instance Provider Systems
CVE-2024-33612

8HIGH

Key Information:

Vendor: F5
Status: Big-ip Next Central Manager
Vendor: CVE Published:; 8 May 2024

What is CVE-2024-33612?

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager, presenting a risk where attackers may successfully impersonate an Instance Provider system. This flaw can facilitate an intruder's ability to bypass security boundaries, potentially leading to unauthorized access and compromise of sensitive information. Specific software versions that have reached End of Technical Support (EoTS) are not subject to this evaluation.

Affected Version(s)

BIG-IP Next Central Manager 20.0.1 < 20.2.0

References

https://my.f5.com/manage/s/article/K000139012

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2024
Vulnerability Reserved
Apr 24, 2024

F5

What is CVE-2024-33612?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit