What is the severity of F5-K000140222?

The severity of F5-K000140222 is considered moderate due to the potential impact of a race condition in the OpenSSH server.

How do I fix F5-K000140222?

To fix F5-K000140222, upgrade your affected F5 products to the latest versions as specified in the advisory.

What products are affected by F5-K000140222?

F5-K000140222 affects F5 BIG-IP Next, F5 BIG-IP Next Central Manager, F5 BIG-IP Next SPK, and F5 BIG-IP Next CNF within specified version ranges.

How can an attacker exploit F5-K000140222?

An attacker can exploit F5-K000140222 by failing to authenticate within the set time period, leading to a race condition in the sshd process.

Is there a workaround for F5-K000140222?

Currently, the recommended action for F5-K000140222 is to apply the available patch rather than relying on workarounds.

Vulnerability/
F5-K000140222

high

8.1

CWE

362

1/7/2024

24/7/2024

F5-K000140222: Race Condition

First published: Mon Jul 01 2024(Updated: )

A security regressionwas discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Affected Software	Affected Version	How to fix
F5 BIG-IP Next (LTM)	>=20.1.0<=20.2.1
F5 BIG-IP Next Central Manager	>=20.1.0<=20.2.1
F5 BIG-IP Next	>=1.7.0<=1.9.2
F5 BIG-IP Next	>=1.1.0<=1.3.1

Never miss a vulnerability like this again

Reference Links

https://my.f5.com/manage/s/article/K000140222

Frequently Asked Questions

What is the severity of F5-K000140222?
The severity of F5-K000140222 is considered moderate due to the potential impact of a race condition in the OpenSSH server.
How do I fix F5-K000140222?
To fix F5-K000140222, upgrade your affected F5 products to the latest versions as specified in the advisory.
What products are affected by F5-K000140222?
F5-K000140222 affects F5 BIG-IP Next, F5 BIG-IP Next Central Manager, F5 BIG-IP Next SPK, and F5 BIG-IP Next CNF within specified version ranges.
How can an attacker exploit F5-K000140222?
An attacker can exploit F5-K000140222 by failing to authenticate within the set time period, leading to a race condition in the sshd process.
Is there a workaround for F5-K000140222?
Currently, the recommended action for F5-K000140222 is to apply the available patch rather than relying on workarounds.

agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/type
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/f5-advisory
source/F5
alias/CVE-2024-6387
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-ip next (ltm)
version/f5 big-ip next (ltm)/20.1.0
version/f5 big-ip next (ltm)/20.2.1
canonical/f5 big-ip next central manager
version/f5 big-ip next central manager/20.1.0
version/f5 big-ip next central manager/20.2.1
canonical/f5 big-ip next
version/f5 big-ip next/1.7.0
version/f5 big-ip next/1.9.2
version/f5 big-ip next/1.1.0
version/f5 big-ip next/1.3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.