| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in F5 BIG-IP up to 11.5.0. This affects an unknown function. Performing a manipulation results in information disclosure (Unspecified). This vulnerability is reported as CVE-2013-6024. No exploit exists. It is recommended to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in F5 BIG-IP up to 11.5.0 (Firewall Software). This affects some unknown processing. The manipulation with an unknown input leads to a information disclosure vulnerability (Unspecified). CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. The summary by CVE is:
The Edge Client components in F5 BIG-IP APM 10.x through 10.2.4 and 11.x before 11.5.0, BIG-IP Edge Gateway 10.1.x and 10.2.x through 10.2.4 and 11.x before 11.5.0, and FirePass 6.0.0 through 6.1.0 and 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors.
The weakness was disclosed 02/04/2014 by Giorgio Casali and Simone Checchini with Verizon Enterprise Solutions (GCIS Vulnerability Management) as SOL14969: BIG-IP Edge Client information leakage vulnerability as confirmed advisory (Website). It is possible to read the advisory at support.f5.com. The public release has been coordinated in cooperation with F5. This vulnerability is uniquely identified as CVE-2013-6024 since 10/04/2013. Attacking locally is a requirement. Required for exploitation is a authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.
The vulnerability scanner Nessus provides a plugin with the ID 78160 (F5 Networks BIG-IP : BIG-IP Edge and FirePass client information leakage vulnerability (SOL14969)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family F5 Networks Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 371744 (F5 BIG-IP APM Edge Client Components Information Leakage Vulnerability(K14969)).
Upgrading to version 11.5.0 eliminates this vulnerability. The advisory contains the following remark:
To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. A fixed client component automatically downloads the next time a client is authenticated to the APM or FirePass host.
The vulnerability is also documented in the databases at Tenable (78160), SecurityFocus (BID 65422†), OSVDB (102943†) and Vulnerability Center (SBV-43584†). Be aware that VulDB is the high quality source for vulnerability data.
Affected
- F5 Networks Inc. BIG-IP APM 10.0.0
- F5 Networks Inc. BIG-IP APM 10.2.4
- F5 Networks Inc. BIG-IP APM 11.0.0
- F5 Networks Inc. BIG-IP APM 11.4.1
- F5 Networks Inc. BIG-IP Edge Gateway 10.1.0
- F5 Networks Inc. BIG-IP Edge Gateway 10.2.4
- F5 Networks Inc. BIG-IP Edge Gateway 11.0.0
- F5 Networks Inc. BIG-IP Edge Gateway 11.4.1
- F5 Networks Inc. FirePass 6.0.0
- F5 Networks Inc. FirePass 6.1.0
- F5 Networks Inc. FirePass 7.0.0
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://f5.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: UnspecifiedClass: Information disclosure / Unspecified
CWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 78160
Nessus Name: F5 Networks BIG-IP : BIG-IP Edge and FirePass client information leakage vulnerability (SOL14969)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: BIG-IP 11.5.0
Timeline
10/04/2013 🔍02/04/2014 🔍
02/04/2014 🔍
02/04/2014 🔍
02/07/2014 🔍
02/10/2014 🔍
03/12/2014 🔍
10/10/2014 🔍
08/17/2024 🔍
Sources
Vendor: f5.comAdvisory: SOL14969: BIG-IP Edge Client information leakage vulnerability
Researcher: Giorgio Casali, Simone Checchini
Organization: Verizon Enterprise Solutions (GCIS Vulnerability Management)
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-6024 (🔍)
GCVE (CVE): GCVE-0-2013-6024
GCVE (VulDB): GCVE-100-12207
CERT: 🔍
SecurityFocus: 65422 - Multiple F5 Networks Products CVE-2013-6024 Local Information Disclosure Vulnerability
OSVDB: 102943
Vulnerability Center: 43584 - F5 BIG-IP APM and Edge Gateway Local Information Disclosure Vulnerability, Medium
Entry
Created: 02/07/2014 13:32Updated: 08/17/2024 00:16
Changes: 02/07/2014 13:32 (74), 05/22/2017 11:52 (4), 06/09/2021 07:29 (3), 08/17/2024 00:16 (15)
Complete: 🔍
Committer:
Cache ID: 216:349:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.