CVE-2024-32761 MEDIUM

CVE-2024-32761: BIG-IP TMM tenants on VELOS and rSeries vulnerability

Vendor F5
Product BIG-IP
Weakness CWE-119
Published May 8, 2024
Last update February 3, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

What the vulnerability does

01Description

Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Key dates

02Disclosure timeline

May 8, 2024 CVE published
February 3, 2026 Record updated