Details of VAR-201402-0118

ID

VAR-201402-0118

CVE

CVE-2013-6024

TITLE

F5 Networks BIG-IP Edge Client information leakage vulnerability

Trust: 0.8

sources: CERT/CC: VU#146430

DESCRIPTION

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors. The components may leak information from memory. (CWE-200). Multiple F5 Networks Products are prone to an unspecified local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks. The following products are vulnerable: BIG-IP APM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4 BIG-IP Edge Gateway 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 FirePass 6.0.0 through 6.1.0 and 7.0.0. The following versions and products are vulnerable: Versions prior to Desktop Client 9.0R3, and 5.3R7 Versions prior to Pulse Connect Secure 9.0R3, 8.3R7, and 8.1R14. F5 BIG-IP APM, etc. are all products of the US F5 (F5) company. F5 BIG-IP APM is an access and security solution. The product provides unified access to business-critical applications and networks. F5 FirePass is a product that provides secure remote access to internal enterprise applications and data. Edge Client is one of the integrated remote access clients used in BIG-IP solutions. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: F5 BIG-IP APM Version 10.x, Version 11.x, Version 12.x, Version 13.x, Version 14.x; BIG-IP Edge Gateway Version 10.x, Version 11.x Version; FirePass version 7.0.0

Trust: 3.24

sources: NVD: CVE-2013-6024 // CERT/CC: VU#146430 // JVNDB: JVNDB-2014-001334 // BID: 65422 // BID: 107884 // BID: 107881 // VULHUB: VHN-66026

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.3.0	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.4	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.0	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.1	Trust: 1.6
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.4	Trust: 1.3
vendor:	f5	model:	firepass	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	f5	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	lte	version:	apm 10.0.0 from 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	lte	version:	and 11.0.0 from 11.4.1	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	10.1.0 from 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	lte	version:	and 11.0.0 from 11.4.1	Trust: 0.8
vendor:	f5	model:	firepass	scope:	lte	version:	6.0.0 from 6.1.0	Trust: 0.8
vendor:	f5	model:	firepass	scope:	eq	version:	and 7.0.0	Trust: 0.8
vendor:	f5	model:	firepass	scope:	eq	version:	7.0	Trust: 0.3
vendor:	f5	model:	firepass	scope:	eq	version:	6.1	Trust: 0.3
vendor:	f5	model:	firepass	scope:	eq	version:	6.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.3	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf3	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf3	scope:	eq	version:	11.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf4	scope:	eq	version:	11.3.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf5	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf2	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf5	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf7	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.4.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf4	scope:	eq	version:	11.3.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.3.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf5	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf3	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf5	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf3	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf7	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	ne	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	11.5.0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2019	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3054	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5130	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.7021	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.1025	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3054	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4.2034	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5075	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.1047	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.217	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.2043	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.4027	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.629	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.140	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.185	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.4235	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.5182	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3046	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3051	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.14018	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.5004	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.133	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3050	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3041	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.7	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5112	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5116	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5125	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2017	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2001	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.7059	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.2016	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.2039	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.9266	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.8057	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4004	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.1012	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4014	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.6073	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.6	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.8066	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4.243	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2011	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.9231	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.1003	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.2052	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.48	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5118	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.495	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.6005	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.254	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2014	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.5017	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.9353	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.128	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7073	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.1(8)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.136	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2010	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5131	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3055	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.1095	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.202	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2006	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5080	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.51	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.3086	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.5	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.5187	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2018	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7030	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4.1054	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 9.0r2	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 9.0r1	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.3r6	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.3r5	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.3r4	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.3r1	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r7	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r6	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r5	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r4	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r13	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r12	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r10	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure desktop client 9.0r2	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure desktop client 9.0r1	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure desktop client 5.3r6	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure desktop client 5.3r1	scope:	-	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 9.0r3	scope:	ne	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.3r7	scope:	ne	version:	-	Trust: 0.3
vendor:	pulse	model:	secure pulse connect secure 8.1r14	scope:	ne	version:	-	Trust: 0.3
vendor:	pulse	model:	secure desktop client 9.0r3	scope:	ne	version:	-	Trust: 0.3
vendor:	pulse	model:	secure desktop client 5.3r7	scope:	ne	version:	-	Trust: 0.3

sources: CERT/CC: VU#146430 // BID: 65422 // BID: 107884 // BID: 107881 // JVNDB: JVNDB-2014-001334 // CNNVD: CNNVD-201402-102 // NVD: CVE-2013-6024

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2013-6024
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2013-6024
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201402-102
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66026
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6024
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2013-6024
severity:	MEDIUM
baseScore:	4.4
vectorString:	NONE
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-66026
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#146430 // VULHUB: VHN-66026 // JVNDB: JVNDB-2014-001334 // CNNVD: CNNVD-201402-102 // NVD: CVE-2013-6024

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 2.7

sources: CERT/CC: VU#146430 // VULHUB: VHN-66026 // JVNDB: JVNDB-2014-001334 // NVD: CVE-2013-6024

THREAT TYPE

local

Trust: 1.5

sources: BID: 65422 // BID: 107884 // BID: 107881 // CNNVD: CNNVD-201402-102

TYPE

Design Error

Trust: 0.9

sources: BID: 65422 // BID: 107884 // BID: 107881

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001334

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#146430

PATCH

title:	SOL14969: BIG-IP Edge Client information leakage vulnerability CVE-2013-6024	url:	http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html?sr=34905674-	Trust: 0.8
title:	Multiple F5 Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91620	Trust: 0.6

sources: JVNDB: JVNDB-2014-001334 // CNNVD: CNNVD-201402-102

EXTERNAL IDS

db:	CERT/CC	id:	VU#146430	Trust: 3.6
db:	NVD	id:	CVE-2013-6024	Trust: 2.8
db:	BID	id:	65422	Trust: 2.0
db:	CERT/CC	id:	VU#192371	Trust: 1.5
db:	JVN	id:	JVNVU97826082	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001334	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-102	Trust: 0.7
db:	BID	id:	107884	Trust: 0.3
db:	PULSESECURE	id:	SA44114	Trust: 0.3
db:	BID	id:	107881	Trust: 0.3
db:	VULHUB	id:	VHN-66026	Trust: 0.1

sources: CERT/CC: VU#146430 // VULHUB: VHN-66026 // BID: 65422 // BID: 107884 // BID: 107881 // JVNDB: JVNDB-2014-001334 // CNNVD: CNNVD-201402-102 // NVD: CVE-2013-6024

REFERENCES

url:	http://www.kb.cert.org/vuls/id/146430	Trust: 2.8
url:	http://www.securityfocus.com/bid/65422	Trust: 2.3
url:	http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html?sr=34905674-	Trust: 1.7
url:	https://support.f5.com/csp/article/k14969	Trust: 1.7
url:	https://www.kb.cert.org/vuls/id/192371/	Trust: 1.5
url:	http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14969.html	Trust: 1.1
url:	http://www.f5.com/products/big-ip/	Trust: 0.9
url:	http://cwe.mitre.org/data/definitions/200.html	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6024	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97826082/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6024	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps10884/index.html	Trust: 0.3
url:	https://www.pulsesecure.net/	Trust: 0.3
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44114/	Trust: 0.3

CREDITS

Giorgio Casali and Simone Cecchini with Verizon Enterprise Solutions GCIS Threat and Vulnerability Management

Trust: 0.9

sources: BID: 65422 // CNNVD: CNNVD-201402-102

SOURCES

db:	CERT/CC	id:	VU#146430
db:	VULHUB	id:	VHN-66026
db:	BID	id:	65422
db:	BID	id:	107884
db:	BID	id:	107881
db:	JVNDB	id:	JVNDB-2014-001334
db:	CNNVD	id:	CNNVD-201402-102
db:	NVD	id:	CVE-2013-6024

LAST UPDATE DATE

2024-11-23T22:07:41.048000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#146430	date:	2014-02-06T00:00:00
db:	VULHUB	id:	VHN-66026	date:	2019-05-03T00:00:00
db:	BID	id:	65422	date:	2019-04-12T08:00:00
db:	BID	id:	107884	date:	2019-04-11T00:00:00
db:	BID	id:	107881	date:	2019-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001334	date:	2014-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201402-102	date:	2019-05-08T00:00:00
db:	NVD	id:	CVE-2013-6024	date:	2024-11-21T01:58:38.553

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#146430	date:	2014-02-06T00:00:00
db:	VULHUB	id:	VHN-66026	date:	2014-02-10T00:00:00
db:	BID	id:	65422	date:	2014-02-04T00:00:00
db:	BID	id:	107884	date:	2019-04-11T00:00:00
db:	BID	id:	107881	date:	2019-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001334	date:	2014-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201402-102	date:	2014-02-10T00:00:00
db:	NVD	id:	CVE-2013-6024	date:	2014-02-10T18:15:10.683