First published: Wed Feb 14 2024(Updated: )
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP and BIG-IQ Centralized Management | =17.1.0 | 17.1.1 |
F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0<=16.1.3 | 16.1.4 |
F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0<=15.1.9 | 15.1.10 |
F5 Access Policy Manager | >=15.1.0<15.1.9 | |
F5 Access Policy Manager | >=16.1.0<16.1.4 | |
F5 Access Policy Manager | =17.1.0 | |
F5 BIG-IP and BIG-IQ Centralized Management | >=8.0.0<=8.3.0 | |
F5 BIG-IP Advanced Firewall Manager | >=15.1.0<15.1.9 | |
F5 BIG-IP Advanced Firewall Manager | >=16.1.0<16.1.4 | |
F5 BIG-IP Advanced Firewall Manager | =17.1.0 | |
F5 BIG-IP Analytics | >=15.1.0<15.1.9 | |
F5 BIG-IP Analytics | >=16.1.0<16.1.4 | |
F5 BIG-IP Analytics | =17.1.0 | |
F5 BIG-IP Application Acceleration Manager | >=15.1.0<15.1.9 | |
F5 BIG-IP Application Acceleration Manager | >=16.1.0<16.1.4 | |
F5 BIG-IP Application Acceleration Manager | =17.1.0 | |
F5 Application Security Manager | >=15.1.0<15.1.9 | |
F5 Application Security Manager | >=16.1.0<16.1.4 | |
F5 Application Security Manager | =17.1.0 | |
F5 BIG-IP | >=15.1.0<15.1.9 | |
F5 BIG-IP | >=16.1.0<16.1.4 | |
F5 BIG-IP | =17.1.0 | |
F5 BIG-IP Fraud Protection Service | >=15.1.0<15.1.9 | |
F5 BIG-IP Fraud Protection Service | >=16.1.0<16.1.4 | |
F5 BIG-IP Fraud Protection Service | =17.1.0 | |
Riverbed SteelApp Traffic Manager | >=15.1.0<15.1.9 | |
Riverbed SteelApp Traffic Manager | >=16.1.0<16.1.4 | |
Riverbed SteelApp Traffic Manager | =17.1.0 | |
F5 BIG-IP Link Controller | >=15.1.0<15.1.9 | |
F5 BIG-IP Link Controller | >=16.1.0<16.1.4 | |
F5 BIG-IP Link Controller | =17.1.0 | |
Riverbed SteelApp Traffic Manager | >=15.1.0<15.1.9 | |
Riverbed SteelApp Traffic Manager | >=16.1.0<16.1.4 | |
Riverbed SteelApp Traffic Manager | =17.1.0 | |
F5 BIG-IP Policy Enforcement Manager | >=15.1.0<15.1.9 | |
F5 BIG-IP Policy Enforcement Manager | >=16.1.0<16.1.4 | |
F5 BIG-IP Policy Enforcement Manager | =17.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2024-24775 is currently not disclosed, but it may impact the availability of the affected systems.
To resolve CVE-2024-24775, you must upgrade your F5 BIG-IP devices to a fixed version listed in the remedy section of the vulnerability details.
CVE-2024-24775 affects F5 BIG-IP versions 15.1.0 to 15.1.9, 16.1.0 to 16.1.4, and 17.1.0.
Products impacted by CVE-2024-24775 include F5 BIG-IP, BIG-IP Access Policy Manager, and BIG-IP Advanced Firewall Manager among others.
CVE-2024-24775 is a vulnerability that can lead to the termination of the Traffic Management Microkernel (TMM) due to undisclosed traffic.