CVE-2024-41727 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
f5	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
f5	big-ip_access_policy_manager	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_access_policy_manager	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_access_policy_manager	17.1.0
f5	big-ip_advanced_firewall_manager	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_advanced_firewall_manager	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_advanced_firewall_manager	17.1.0
f5	big-ip_advanced_web_application_firewall	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_advanced_web_application_firewall	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_advanced_web_application_firewall	17.1.0
f5	big-ip_analytics	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_analytics	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_analytics	17.1.0
f5	big-ip_application_acceleration_manager	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_application_acceleration_manager	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_application_acceleration_manager	17.1.0
f5	big-ip_application_security_manager	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_application_security_manager	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_application_security_manager	17.1.0
f5	big-ip_application_visibility_and_reporting	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_application_visibility_and_reporting	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_application_visibility_and_reporting	17.1.0
f5	big-ip_automation_toolchain	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_automation_toolchain	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_automation_toolchain	17.1.0
f5	big-ip_carrier-grade_nat	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_carrier-grade_nat	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_carrier-grade_nat	17.1.0
f5	big-ip_container_ingress_services	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_container_ingress_services	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_container_ingress_services	17.1.0
f5	big-ip_ddos_hybrid_defender	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_ddos_hybrid_defender	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_ddos_hybrid_defender	17.1.0
f5	big-ip_domain_name_system	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_domain_name_system	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_domain_name_system	17.1.0
f5	big-ip_edge_gateway	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_edge_gateway	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_edge_gateway	17.1.0
f5	big-ip_fraud_protection_service	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_fraud_protection_service	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_fraud_protection_service	17.1.0
f5	big-ip_global_traffic_manager	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_global_traffic_manager	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_global_traffic_manager	17.1.0
f5	big-ip_link_controller	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_link_controller	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_link_controller	17.1.0
f5	big-ip_local_traffic_manager	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_local_traffic_manager	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_local_traffic_manager	17.1.0
f5	big-ip_policy_enforcement_manager	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_policy_enforcement_manager	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_policy_enforcement_manager	17.1.0
f5	big-ip_ssl_orchestrator	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_ssl_orchestrator	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_ssl_orchestrator	17.1.0
f5	big-ip_webaccelerator	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_webaccelerator	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_webaccelerator	17.1.0
f5	big-ip_websafe	15.1.0 ≤ 𝑥 ≤ 15.1.1
f5	big-ip_websafe	16.1.0 ≤ 𝑥 < 16.1.5
f5	big-ip_websafe	17.1.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

https://my.f5.com/manage/s/article/K000138833