Vulnerability Name:

CVE-2013-6024 (CCN-102949)

Assigned:2013-10-15
Published:2013-10-15
Updated:2019-05-03
Summary:The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2013-6024

Source: CONFIRM
Type: Vendor Advisory
http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html

Source: CCN
Type: US-CERT VU#146430
F5 Networks BIG-IP Edge Client information leakage vulnerability

Source: CERT-VN
Type: US Government Resource
VU#146430

Source: BID
Type: UNKNOWN
65422

Source: CCN
Type: BID-65422
Multiple F5 Networks Products CVE-2013-6024 Local Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
f5-bigip-cve20136024-info-disc(102949)

Source: CONFIRM
Type: UNKNOWN
https://support.f5.com/csp/article/K14969

Source: CCN
Type: F5 Security Advisory
BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024

Vulnerable Configuration:Configuration 1:
  • cpe:/a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_edge_gateway:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_edge_gateway:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_edge_gateway:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:firepass:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:firepass:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:firepass:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/h:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:standalone
  • OR cpe:/h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone
  • OR cpe:/h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone
  • OR cpe:/h:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:standalone
  • OR cpe:/h:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:standalone
  • OR cpe:/h:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:standalone
  • OR cpe:/h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone

    • Configuration CCN 1:
  • cpe:/h:f5:firepass:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:firepass:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:firepass:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_edge_gateway:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_edge_gateway:10.2.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    f5 big-ip access policy manager 10.1.0
    f5 big-ip access policy manager 10.2.4
    f5 big-ip access policy manager 11.0.0
    f5 big-ip access policy manager 11.1.0
    f5 big-ip access policy manager 11.2.0
    f5 big-ip access policy manager 11.2.1
    f5 big-ip access policy manager 11.3.0
    f5 big-ip edge gateway 10.1.0
    f5 big-ip edge gateway 10.2.4
    f5 big-ip edge gateway 11.0.0
    f5 big-ip edge gateway 11.5.0
    f5 firepass 6.0.0
    f5 firepass 6.1.0
    f5 firepass 7.0.0
    f5 big-ip access policy manager 10.1.0
    f5 big-ip access policy manager 10.2.4
    f5 big-ip access policy manager 11.0.0
    f5 big-ip access policy manager 11.1.0
    f5 big-ip access policy manager 11.2.0
    f5 big-ip access policy manager 11.2.1
    f5 big-ip access policy manager 11.3.0
    f5 firepass 6.0
    f5 big-ip access policy manager 10.1.0
    f5 firepass 6.1.0
    f5 firepass 7.0.0
    f5 big-ip access policy manager 10.2.4
    f5 big-ip access policy manager 11.4.0
    f5 big-ip edge gateway 11.4.0
    f5 big-ip edge gateway 10.2.4