CVE-2014-4024

MEDIUM

F5 BIG-IP <10.2.4 HF9, <11.2.1 HF12, <11.3.0 HF10, <11.4.0 HF8, <11...

Title source: llm
STIX 2.1

Description

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95834
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K15500

Scores

CVSS v3 5.9
EPSS 0.0074
EPSS Percentile 73.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (13)
f5/big-ip_access_policy_manager 10.1.0 - 10.2.4
f5/big-ip_advanced_firewall_manager 11.3.0 - 11.5.1
f5/big-ip_analytics 11.0.0 - 11.5.1
f5/big-ip_application_acceleration_manager 11.4.0 - 11.5.1
f5/big-ip_application_security_manager 10.0.0 - 10.2.4
f5/big-ip_edge_gateway 10.1.0 - 10.2.4
f5/big-ip_global_traffic_manager 10.0.0 - 10.2.4
f5/big-ip_link_controller 10.0.0 - 10.2.4
f5/big-ip_local_traffic_manager 10.0.0 - 10.2.4
f5/big-ip_policy_enforcement_manager 11.3.0 - 11.5.1
... and 3 more
Published Mar 19, 2018
Tracked Since Feb 18, 2026