CVE-2024-37028

Summary

BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IP Next Central Manager20.1.0 < 20.2.1affected

Weaknesses

  • CWE-645: CWE-645 Overly Restrictive Account Lockout Mechanism

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References