CVE-2024-41719 MEDIUM

CVE-2024-41719: BIG-IP Next Central Manager vulnerability

Vendor F5
Product BIG-IP Next Central Manager
Weakness CWE-532 · Sensitive info in logs
Published August 14, 2024
Last update August 14, 2024

CVSS base score

4.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

August 14, 2024 CVE published
August 14, 2024 Record updated