CVE-2024-32761

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32761
Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://my.f5.com/manage/s/article/K000139217 Vendor Advisory
https://my.f5.com/manage/s/article/K000139217 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
History

17 Jun 2026, 07:30

Type Values Removed Values Added
Summary (es) Bajo ciertas condiciones, puede ocurrir una posible fuga de datos en los micronúcleos de administración de tráfico (TMM) de los inquilinos de BIG-IP que se ejecutan en plataformas VELOS y rSeries. Sin embargo, un atacante no puede aprovechar este problema porque no se puede reproducir de forma consistente y está fuera de su control. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan (es) Bajo ciertas condiciones, puede producirse una fuga de datos en los Microkernels de Gestión de Tráfico (TMM) de los tenants de BIG-IP que se ejecutan en plataformas VELOS y rSeries. Esta fuga se produce de forma aleatoria y no puede ser provocada deliberadamente. Si se produce, puede filtrar hasta 64 bytes de bytes aleatorios no contiguos. En raras ocasiones, esto puede provocar un reinicio del TMM, lo que afecta a la disponibilidad. Nota: Las versiones de software que han alcanzado el Fin del Soporte Técnico (EoTS) no se evalúan.

03 Feb 2026, 01:15

Type Values Removed Values Added
Summary (en) Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated (en) Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

21 Oct 2025, 11:38

Type Values Removed Values Added
References () https://my.f5.com/manage/s/article/K000139217 - () https://my.f5.com/manage/s/article/K000139217 - Vendor Advisory
CPE cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
First Time F5 big-ip Application Visibility And Reporting
F5 big-ip Carrier-grade Nat
F5 big-ip Advanced Firewall Manager
F5 big-ip Link Controller
F5 big-ip Analytics
F5 big-ip Ssl Orchestrator
F5 big-ip Edge Gateway
F5
F5 big-ip Domain Name System
F5 big-ip Application Security Manager
F5 big-ip Fraud Protection Service
F5 big-ip Global Traffic Manager
F5 big-ip Webaccelerator
F5 big-ip Application Acceleration Manager
F5 big-ip Advanced Web Application Firewall
F5 big-ip Access Policy Manager
F5 big-ip Policy Enforcement Manager
F5 big-ip Container Ingress Services
F5 big-ip Ddos Hybrid Defender
F5 big-ip Local Traffic Manager
F5 big-ip Websafe
F5 big-ip Automation Toolchain

21 Nov 2024, 09:15

Type Values Removed Values Added
References () https://my.f5.com/manage/s/article/K000139217 - () https://my.f5.com/manage/s/article/K000139217 -
Summary
  • (es) Bajo ciertas condiciones, puede ocurrir una posible fuga de datos en los micronúcleos de administración de tráfico (TMM) de los inquilinos de BIG-IP que se ejecutan en plataformas VELOS y rSeries. Sin embargo, un atacante no puede aprovechar este problema porque no se puede reproducir de forma consistente y está fuera de su control. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan

08 May 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-08 15:15

Updated : 2026-06-17 07:30

NVD link : CVE-2024-32761

Mitre link : CVE-2024-32761

CVE.ORG link : CVE-2024-32761

JSON object : View

Products Affected

f5

  • big-ip_global_traffic_manager
  • big-ip_link_controller
  • big-ip_fraud_protection_service
  • big-ip_advanced_firewall_manager
  • big-ip_carrier-grade_nat
  • big-ip_access_policy_manager
  • big-ip_websafe
  • big-ip_local_traffic_manager
  • big-ip_application_acceleration_manager
  • big-ip_webaccelerator
  • big-ip_advanced_web_application_firewall
  • big-ip_domain_name_system
  • big-ip_container_ingress_services
  • big-ip_ddos_hybrid_defender
  • big-ip_automation_toolchain
  • big-ip_policy_enforcement_manager
  • big-ip_application_visibility_and_reporting
  • big-ip_ssl_orchestrator
  • big-ip_application_security_manager
  • big-ip_edge_gateway
  • big-ip_analytics
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer