What is the severity of CVE-2024-22389?

CVE-2024-22389 has not been assigned a specific severity rating, but it poses a risk in high availability deployments of F5 BIG-IP systems when API tokens are not synchronized.

How do I fix CVE-2024-22389?

To resolve CVE-2024-22389, ensure that the iControl REST API token is updated consistently across all peer devices in the high availability configuration.

What versions of F5 BIG-IP are affected by CVE-2024-22389?

CVE-2024-22389 affects F5 BIG-IP versions 17.1.0, 16.1.0 through 16.1.4, and 15.1.0 through 15.1.9.

What are the implications of CVE-2024-22389 for F5 BIG-IP users?

Users of F5 BIG-IP in high availability configurations may experience synchronization issues with API tokens, which could potentially affect their security posture.

Is there a workaround for CVE-2024-22389?

While no official workaround is provided for CVE-2024-22389, manual synchronization of API tokens may mitigate synchronization discrepancies.

Vulnerability/
CVE-2024-22389

high

7.2

CWE

613

EPSS

0.043%

14/2/2024

23/1/2025

CVE-2024-22389: BIG-IP iControl REST API Vulnerability

First published: Wed Feb 14 2024(Updated: )

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP	=17.1.0	17.1.1
F5 BIG-IP	>=16.1.0<=16.1.3	16.1.4
F5 BIG-IP	>=15.1.0<=15.1.8	15.1.9
F5 BIG-IP Access Policy Manager	>=15.1.0<15.1.9
F5 BIG-IP Access Policy Manager	>=16.1.0<16.1.4
F5 BIG-IP Access Policy Manager	=17.1.0
F5 BIG-IQ Centralized Management	>=8.0.0<=8.3.0
F5 BIG-IP Advanced Firewall Manager	>=15.1.0<15.1.9
F5 BIG-IP Advanced Firewall Manager	>=16.1.0<16.1.4
F5 BIG-IP Advanced Firewall Manager	=17.1.0
F5 BIG-IP Analytics	>=15.1.0<15.1.9
F5 BIG-IP Analytics	>=16.1.0<16.1.4
F5 BIG-IP Analytics	=17.1.0
f5 big-ip application acceleration manager	>=15.1.0<15.1.9
f5 big-ip application acceleration manager	>=16.1.0<16.1.4
f5 big-ip application acceleration manager	=17.1.0
F5 BIG-IP Application Security Manager	>=15.1.0<15.1.9
F5 BIG-IP Application Security Manager	>=16.1.0<16.1.4
F5 BIG-IP Application Security Manager	=17.1.0
f5 big-ip domain name system	>=15.1.0<15.1.9
f5 big-ip domain name system	>=16.1.0<16.1.4
f5 big-ip domain name system	=17.1.0
f5 big-ip fraud protection service	>=15.1.0<15.1.9
f5 big-ip fraud protection service	>=16.1.0<16.1.4
f5 big-ip fraud protection service	=17.1.0
F5 BIG-IP Global Traffic Manager	>=15.1.0<15.1.9
F5 BIG-IP Global Traffic Manager	>=16.1.0<16.1.4
F5 BIG-IP Global Traffic Manager	=17.1.0
f5 big-ip link controller	>=15.1.0<15.1.9
f5 big-ip link controller	>=16.1.0<16.1.4
f5 big-ip link controller	=17.1.0
F5 BIG-IP Local Traffic Manager	>=15.1.0<15.1.9
F5 BIG-IP Local Traffic Manager	>=16.1.0<16.1.4
F5 BIG-IP Local Traffic Manager	=17.1.0
F5 BIG-IP Policy Enforcement Manager	>=15.1.0<15.1.9
F5 BIG-IP Policy Enforcement Manager	>=16.1.0<16.1.4
F5 BIG-IP Policy Enforcement Manager	=17.1.0

Never miss a vulnerability like this again

Reference Links

https://my.f5.com/manage/s/article/K32544615

Frequently Asked Questions

What is the severity of CVE-2024-22389?
CVE-2024-22389 has not been assigned a specific severity rating, but it poses a risk in high availability deployments of F5 BIG-IP systems when API tokens are not synchronized.
How do I fix CVE-2024-22389?
To resolve CVE-2024-22389, ensure that the iControl REST API token is updated consistently across all peer devices in the high availability configuration.
What versions of F5 BIG-IP are affected by CVE-2024-22389?
CVE-2024-22389 affects F5 BIG-IP versions 17.1.0, 16.1.0 through 16.1.4, and 15.1.0 through 15.1.9.
What are the implications of CVE-2024-22389 for F5 BIG-IP users?
Users of F5 BIG-IP in high availability configurations may experience synchronization issues with API tokens, which could potentially affect their security posture.
Is there a workaround for CVE-2024-22389?
While no official workaround is provided for CVE-2024-22389, manual synchronization of API tokens may mitigate synchronization discrepancies.

agent/weakness
agent/title
agent/references
agent/type
agent/author
collector/epss-latest
source/FIRST
agent/epss
agent/severity
agent/description
agent/first-publish-date
agent/softwarecombine
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
collector/f5-advisory
source/F5
alias/CVE-2024-22389
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
collector/nvd-api
source/NVD
vendor/f5
canonical/f5 big-ip
version/f5 big-ip/17.1.0
version/f5 big-ip/16.1.0
version/f5 big-ip/16.1.3
version/f5 big-ip/15.1.0
version/f5 big-ip/15.1.8
canonical/f5 big-ip access policy manager
version/f5 big-ip access policy manager/15.1.0
version/f5 big-ip access policy manager/16.1.0
version/f5 big-ip access policy manager/17.1.0
canonical/f5 big-iq centralized management
version/f5 big-iq centralized management/8.0.0
version/f5 big-iq centralized management/8.3.0
canonical/f5 big-ip advanced firewall manager
version/f5 big-ip advanced firewall manager/15.1.0
version/f5 big-ip advanced firewall manager/16.1.0
version/f5 big-ip advanced firewall manager/17.1.0
canonical/f5 big-ip analytics
version/f5 big-ip analytics/15.1.0
version/f5 big-ip analytics/16.1.0
version/f5 big-ip analytics/17.1.0
canonical/f5 big-ip application acceleration manager
version/f5 big-ip application acceleration manager/15.1.0
version/f5 big-ip application acceleration manager/16.1.0
version/f5 big-ip application acceleration manager/17.1.0
canonical/f5 big-ip application security manager
version/f5 big-ip application security manager/15.1.0
version/f5 big-ip application security manager/16.1.0
version/f5 big-ip application security manager/17.1.0
canonical/f5 big-ip domain name system
version/f5 big-ip domain name system/15.1.0
version/f5 big-ip domain name system/16.1.0
version/f5 big-ip domain name system/17.1.0
canonical/f5 big-ip fraud protection service
version/f5 big-ip fraud protection service/15.1.0
version/f5 big-ip fraud protection service/16.1.0
version/f5 big-ip fraud protection service/17.1.0
canonical/f5 big-ip global traffic manager
version/f5 big-ip global traffic manager/15.1.0
version/f5 big-ip global traffic manager/16.1.0
version/f5 big-ip global traffic manager/17.1.0
canonical/f5 big-ip link controller
version/f5 big-ip link controller/15.1.0
version/f5 big-ip link controller/16.1.0
version/f5 big-ip link controller/17.1.0
canonical/f5 big-ip local traffic manager
version/f5 big-ip local traffic manager/15.1.0
version/f5 big-ip local traffic manager/16.1.0
version/f5 big-ip local traffic manager/17.1.0
canonical/f5 big-ip policy enforcement manager
version/f5 big-ip policy enforcement manager/15.1.0
version/f5 big-ip policy enforcement manager/16.1.0
version/f5 big-ip policy enforcement manager/17.1.0

CVE-2024-22389: BIG-IP iControl REST API Vulnerability

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-22389?

How do I fix CVE-2024-22389?

What versions of F5 BIG-IP are affected by CVE-2024-22389?

What are the implications of CVE-2024-22389 for F5 BIG-IP users?

Is there a workaround for CVE-2024-22389?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-22389?

How do I fix CVE-2024-22389?

What versions of F5 BIG-IP are affected by CVE-2024-22389?

What are the implications of CVE-2024-22389 for F5 BIG-IP users?

Is there a workaround for CVE-2024-22389?