API Security Blog

K32544615 : BIG-IP iControl REST API vulnerability CVE-2024-22389

Security Advisory Description

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. (CVE-2024-22389)

Impact

This vulnerability may allow an authenticated attacker to use deleted or updated API tokens on the peer device until they expire. There is no data plane exposure; this is a control plane issue…
