CVE-2014-4024 — MEDIUM (5.9)

Q: How severe is CVE-2014-4024?

CVE-2014-4024 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4024?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.

Vulnerability Description

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
F5	Big-Ip Local Traffic Manager	>= 10.0.0, <= 10.2.4
F5	Big-Ip Application Acceleration Manager	>= 11.4.0, <= 11.5.1
F5	Big-Ip Advanced Firewall Manager	>= 11.3.0, <= 11.5.1
F5	Big-Ip Analytics	>= 11.0.0, <= 11.5.1
F5	Big-Ip Access Policy Manager	>= 10.1.0, <= 10.2.4
F5	Big-Ip Application Security Manager	>= 10.0.0, <= 10.2.4
F5	Big-Ip Edge Gateway	>= 10.1.0, <= 10.2.4
F5	Big-Ip Global Traffic Manager	>= 10.0.0, <= 10.2.4
F5	Big-Ip Link Controller	>= 10.0.0, <= 10.2.4
F5	Big-Ip Policy Enforcement Manager	>= 11.3.0, <= 11.5.1
F5	Big-Ip Protocol Security Module	>= 10.0.0, <= 10.2.4
F5	Big-Ip Webaccelerator	>= 10.0.0, <= 10.2.4
F5	Big-Ip Wan Optimization Manager	>= 10.0.0, <= 10.2.4

Related Weaknesses (CWE)

CWE-200

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95834Third Party AdvisoryVDB Entry
https://support.f5.com/csp/article/K15500Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95834Third Party AdvisoryVDB Entry
https://support.f5.com/csp/article/K15500Vendor Advisory

FAQ

What is CVE-2014-4024?

CVE-2014-4024 is a vulnerability with a CVSS score of 5.9 (MEDIUM). SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used ...

How severe is CVE-2014-4024?

CVE-2014-4024 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4024?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Analytics, F5 Big-Ip Access Policy Manager.