What is the severity of CVE-2024-28132?

CVE-2024-28132 has been classified as a moderate severity vulnerability due to the potential exposure of sensitive information.

How do I fix CVE-2024-28132?

To fix CVE-2024-28132, update your F5 BIG-IP Next CNF to version 1.3.0 or later.

What types of sensitive information could be exposed in CVE-2024-28132?

CVE-2024-28132 may allow an authenticated attacker to view confidential data stored within the GSLB container.

What products are affected by CVE-2024-28132?

CVE-2024-28132 affects F5 BIG-IP Next Cloud-Native Network Functions version 1.2.0 to 1.2.1.

Are software versions that have reached End of Technical Support evaluated for CVE-2024-28132?

No, software versions that have reached End of Technical Support are not evaluated for CVE-2024-28132.

Vulnerability/
CVE-2024-28132

medium

4.4

CWE

922

8/5/2024

2/8/2024

CVE-2024-28132: BIG-IP NEXT CNF vulnerability

First published: Wed May 08 2024(Updated: )

Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Credit: f5sirt@f5.com

Affected Software	Affected Version	How to fix
F5 BIG-IP Next Cloud-Native Network Functions	>=1.2.0<=1.2.1	1.3.0

Never miss a vulnerability like this again

Reference Links

https://my.f5.com/manage/s/article/K000138913

Frequently Asked Questions

What is the severity of CVE-2024-28132?
CVE-2024-28132 has been classified as a moderate severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2024-28132?
To fix CVE-2024-28132, update your F5 BIG-IP Next CNF to version 1.3.0 or later.
What types of sensitive information could be exposed in CVE-2024-28132?
CVE-2024-28132 may allow an authenticated attacker to view confidential data stored within the GSLB container.
What products are affected by CVE-2024-28132?
CVE-2024-28132 affects F5 BIG-IP Next Cloud-Native Network Functions version 1.2.0 to 1.2.1.
Are software versions that have reached End of Technical Support evaluated for CVE-2024-28132?
No, software versions that have reached End of Technical Support are not evaluated for CVE-2024-28132.

agent/references
agent/weakness
agent/title
agent/type
agent/author
collector/nvd-api
source/NVD
agent/severity
agent/description
agent/first-publish-date
agent/softwarecombine
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/f5-advisory
source/F5
alias/CVE-2024-28132
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-ip next cloud-native network functions
version/f5 big-ip next cloud-native network functions/1.2.0
version/f5 big-ip next cloud-native network functions/1.2.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-28132?
CVE-2024-28132 has been classified as a moderate severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2024-28132?
To fix CVE-2024-28132, update your F5 BIG-IP Next CNF to version 1.3.0 or later.
What types of sensitive information could be exposed in CVE-2024-28132?
CVE-2024-28132 may allow an authenticated attacker to view confidential data stored within the GSLB container.
What products are affected by CVE-2024-28132?
CVE-2024-28132 affects F5 BIG-IP Next Cloud-Native Network Functions version 1.2.0 to 1.2.1.
Are software versions that have reached End of Technical Support evaluated for CVE-2024-28132?
No, software versions that have reached End of Technical Support are not evaluated for CVE-2024-28132.