Vulnerability Details : CVE-2013-6024
The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors.
Vulnerability category: Information leak
Products affected by CVE-2013-6024
- cpe:2.3:h:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:standalone
- cpe:2.3:h:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:standalone
- cpe:2.3:h:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:standalone
- cpe:2.3:h:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:standalone
- cpe:2.3:h:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:standalone
- cpe:2.3:h:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:standalone
- cpe:2.3:h:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:standalone
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:10.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_edge_gateway:11.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:firepass:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:firepass:6.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6024
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6024
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:S/C:C/I:N/A:N |
2.7
|
6.9
|
NIST |
CWE ids for CVE-2013-6024
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6024
-
http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html
Vendor Advisory
-
http://www.kb.cert.org/vuls/id/146430
VU#146430 - F5 Networks BIG-IP Edge Client information leakage vulnerabilityUS Government Resource
-
http://www.securityfocus.com/bid/65422
Multiple F5 Networks Products CVE-2013-6024 Local Information Disclosure Vulnerability
-
https://support.f5.com/csp/article/K14969
Jump to