CVE-2024-32761

6.5 MEDIUM

TL;DR

This CVE describes a data leak vulnerability in F5 BIG-IP Traffic Management Microkernels (TMMs) running on VELOS and rSeries platforms. Under certain conditions, it may leak up to 64 bytes of non-contiguous randomized data, and in rare cases could cause TMM restarts affecting availability. Only BIG-IP tenants on VELOS and rSeries platforms running supported software versions are affected.

Affected Systems

Products:
  • F5 BIG-IP Traffic Management Microkernels (TMMs)
Versions: Supported versions on VELOS and rSeries platforms (versions that have not reached End of Technical Support)
Operating Systems: F5 TMOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects BIG-IP tenants running on VELOS and rSeries platforms; software versions that have reached End of Technical Support (EoTS) are not evaluated

⚠️ Risk & Real-World Impact

Worst Case

TMM restart causing service disruption and potential data leakage of sensitive information from memory

🟠

Likely Case

Minor data leakage of random memory bytes with minimal security impact

🟒

If Mitigated

No impact if proper network segmentation and access controls prevent exploitation

🌐 Internet-Facing: MEDIUM - While exploitation is random and not deliberate, internet-facing systems could leak data to attackers
🏒 Internal Only: LOW - Internal systems have reduced exposure, but data leakage could still occur within trusted networks

🎯 Exploit Status

Public PoC: No
Weaponized: NO
Unauthenticated Exploit: No
Complexity: HIGH

According to the description, the vulnerability occurs randomly and cannot be deliberately triggered.

Fix & Mitigation

Official Fix

Patch Version: Check F5 advisory K000139217 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000139217

Restart Required: Yes

Instructions:

1. Review F5 advisory K000139217 for affected versions.
2. Upgrade to patched versions as specified in the advisory.
3. Restart TMM services after patching.

Temporary Workarounds

Network segmentation and access controls

Implement strict network segmentation and access controls to limit exposure of affected systems

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Monitor for TMM restarts and unusual memory access patterns

How to Verify

Check if Vulnerable:

Check BIG-IP version and platform type against F5 advisory K000139217

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify BIG-IP version is updated to patched version specified in F5 advisory

Detection & Monitoring

Log Indicators:

  • Unexpected TMM restarts
  • Memory access errors in system logs

Network Indicators:

  • Unusual traffic patterns to/from TMM services

SIEM Query:

Search for 'TMM restart' or 'memory leak' events in BIG-IP logs
