CVE-2024-32761

medium

CVSS v3 Base Score

6.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS Score

0.3%

Exploitation probability in 30 days

Top 46% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

None

Availability

High

Published: May 8, 2024 (735 days ago)

Last Modified: February 4, 2026

Vendor: F5

Description

Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CWE

CWE-119

Affected Products

f5 big-ip access policy managerf5 big-ip advanced firewall managerf5 big-ip advanced web application firewallf5 big-ip analyticsf5 big-ip application acceleration managerf5 big-ip application security managerf5 big-ip application visibility and reportingf5 big-ip automation toolchainf5 big-ip carrier-grade natf5 big-ip container ingress services

References

🔗 my.f5.com 🔗 my.f5.com

CVE-2024-32761

Vulnerability Report

Description

CWE

Affected Products

References