MidnightBSD

Advisories for f5

CVE-1999-1550 MEDIUM

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 tmos 2.0
CVE-2002-20001 MEDIUM

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 f5os-c 1.8.0
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_firewall_manager 17.5.0
f5 big-ip_global_traffic_manager 17.5.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 17.5.0
f5 big-ip_ssl_orchestrator *
f5 f5os-c 1.5.0
f5 big-ip_application_visibility_and_reporting 17.5.0
f5 traffix_signaling_delivery_controller 5.1.0
f5 big-ip_analytics *
f5 big-ip_policy_enforcement_manager 17.5.0
suse linux_enterprise_server 12
f5 big-ip_analytics 17.5.0
f5 big-ip_fraud_protection_service 17.5.0
f5 big-ip_carrier-grade_nat 17.5.0
f5 big-ip_link_controller 17.5.0
f5 traffix_sdc 5.2.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_ssl_orchestrator 17.5.0
suse linux_enterprise_server 11
f5 big-ip_edge_gateway 17.5.0
f5 big-ip_global_traffic_manager *
f5 big-ip_service_proxy 1.6.0
f5 big-ip_ddos_hybrid_defender 17.5.0
f5 traffix_sdc 5.1.0
f5 big-ip_domain_name_system 17.5.0
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.5.0
f5 f5os-a 1.8.0
f5 f5os-a *
hpe arubaos-cx *
stormshield stormshield_management_center *
f5 f5os-c 1.8.1
stormshield stormshield_network_security *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_advanced_web_application_firewall 17.5.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 traffix_signaling_delivery_controller 5.2.0
suse linux_enterprise_server 15
f5 f5os-c *
f5 f5os-a 1.3.1
f5 big-ip_advanced_web_application_firewall *
siemens scalance_w1750d_firmware *
f5 big-ip_websafe 17.5.0
f5 f5os-a 1.3.0
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_advanced_firewall_manager *
f5 f5os-c 1.5.1
balasys dheater -
f5 big-iq_centralized_management 7.1.0
f5 big-ip_local_traffic_manager 17.5.0
CVE-2004-1307 HIGH

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
libtiff libtiff 3.4
apple mac_os_x 10.3.7
avaya cvlan *
avaya call_management_system_server 11.0
sun sunos 5.8
apple mac_os_x_server 10.3.8
conectiva linux 9.0
avaya call_management_system_server 13.0
libtiff libtiff 3.5.3
libtiff libtiff 3.5.5
f5 icontrol_service_manager 1.3.4
apple mac_os_x_server 10.3.3
avaya mn100 *
apple mac_os_x 10.3.1
apple mac_os_x 10.3
f5 icontrol_service_manager 1.3.6
apple mac_os_x 10.3.3
f5 icontrol_service_manager 1.3.5
apple mac_os_x 10.3.6
apple mac_os_x 10.3.8
libtiff libtiff 3.5.1
apple mac_os_x_server 10.3.6
conectiva linux 10.0
mandrakesoft mandrake_linux 10.1
avaya modular_messaging_message_storage_server 2.0
sun solaris 8.0
apple mac_os_x 10.3.4
avaya call_management_system_server 8.0
apple mac_os_x 10.3.2
apple mac_os_x_server 10.3
apple mac_os_x_server 10.3.1
sgi propack 3.0
sun solaris 10.0
libtiff libtiff 3.6.0
mandrakesoft mandrake_linux 10.0
apple mac_os_x_server 10.3.5
avaya call_management_system_server 12.0
sun sunos 5.7
sun solaris 7.0
libtiff libtiff 3.5.4
apple mac_os_x 10.3.5
sun solaris 9.0
avaya call_management_system_server 9.0
f5 icontrol_service_manager 1.3
apple mac_os_x_server 10.3.9
libtiff libtiff 3.5.2
apple mac_os_x_server 10.3.4
apple mac_os_x_server 10.3.2
apple mac_os_x_server 10.3.7
avaya interactive_response *
libtiff libtiff 3.6.1
avaya intuity_audix_lx *
avaya interactive_response 1.3
avaya interactive_response 1.2.1
libtiff libtiff 3.7.0
gentoo linux *
sco unixware 7.1.4
avaya integrated_management *
apple mac_os_x 10.3.9
avaya modular_messaging_message_storage_server 1.1
libtiff libtiff 3.5.7
mandrakesoft mandrake_linux_corporate_server 3.0
CVE-2005-0356 MEDIUM

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco secure_access_control_server 2.5
cisco personal_assistant 1.3(2)
cisco unity_server 3.1
f5 tmos 4.3
cisco secure_access_control_server 3.2(1)
cisco secure_access_control_server 2.42
cisco content_services_switch_11501 *
freebsd freebsd 2.2.3
freebsd freebsd 4.1.1
cisco sn_5420_storage_router_firmware 1.1(7)
cisco secure_access_control_server 2.1
yamaha rtv700 *
nortel callpilot 702t
freebsd freebsd 3.3
cisco content_services_switch_11500 *
cisco meetingplace *
cisco sn_5420_storage_router_firmware 1.1.3
cisco secure_access_control_server 2.3.5.1
cisco content_services_switch_11503 *
cisco ciscoworks_1105_hosting_solution_engine *
alaxala alaxala_networks ax7800r
freebsd freebsd 4.0
freebsd freebsd 2.2.6
freebsd freebsd 2.2.4
hitachi gr4000 *
freebsd freebsd 5.0
yamaha rt105 *
nortel callpilot 201i
cisco unity_server 2.46
cisco sn_5428_storage_router 2.5.1-k9
cisco unity_server 2.3
cisco secure_access_control_server 3.1.1
freebsd freebsd 4.10
cisco sn_5428_storage_router 3.3.2-k9
cisco ciscoworks_access_control_list_manager 1.6
f5 tmos 9.0.5
cisco unity_server 4.0
cisco call_manager 3.3(3)
freebsd freebsd 2.1.5
microsoft windows_2003_server enterprise
cisco call_manager 3.1
cisco unity_server 2.2
cisco content_services_switch_11800 *
microsoft windows_2003_server enterprise_64-bit
cisco ciscoworks_cd1 4th
cisco webns 7.20_(03.10)s
openbsd openbsd 3.1
cisco mgx_8230 1.2.10
openbsd openbsd 3.3
f5 tmos 4.6.2
cisco secure_access_control_server 2.0
f5 tmos 4.5.9
cisco secure_access_control_server 3.2(2)
cisco unity_server 3.2
f5 tmos 4.5.10
cisco secure_access_control_server 3.3.1
openbsd openbsd 3.2
cisco mgx_8250 1.2.11
microsoft windows_2000 *
cisco ciscoworks_access_control_list_manager 1.5
freebsd freebsd 2.1.7.1
nortel callpilot 200i
openbsd openbsd 3.6
microsoft windows_2003_server web
freebsd freebsd 4.3
cisco ciscoworks_common_management_foundation 2.0
freebsd freebsd 2.0
freebsd freebsd 4.6.2
cisco secure_access_control_server 3.2.2
cisco sn_5428_storage_router 2-3.3.1-k9
f5 tmos 4.5
nortel business_communications_manager 400
cisco sn_5428_storage_router 2-3.3.2-k9
freebsd freebsd 2.1.0
cisco unity_server 3.3
freebsd freebsd 4.1
cisco call_manager 3.1(2)
cisco secure_access_control_server 2.6
cisco secure_access_control_server 3.3
nortel optical_metro_5200 *
f5 tmos 4.0
cisco secure_access_control_server 3.2.1
microsoft windows_2003_server standard
cisco conference_connection 1.2
nortel 7250_wlan_access_point *
openbsd openbsd 3.4
cisco call_manager 2.0
cisco webns 7.30_(00.09)s
cisco content_services_switch_11150 *
cisco unity_server 2.4
alaxala alaxala_networks ax7800s
f5 tmos 9.0.2
cisco secure_access_control_server 2.6.2
cisco unity_server 2.1
freebsd freebsd 3.4
freebsd freebsd 2.1.6
cisco personal_assistant 1.3(1)
cisco unity_server 2.0
cisco support_tools *
cisco ip_contact_center_express *
freebsd freebsd 5.3
yamaha rtx1500 *
nortel 7220_wlan_access_point *
freebsd freebsd 4.2
nortel callpilot 703t
freebsd freebsd 4.5
cisco secure_access_control_server 3.2(1.20)
cisco ciscoworks_common_services 2.2
cisco personal_assistant 1.4(2)
nortel universal_signaling_point 5200
yamaha rt250i *
cisco ciscoworks_cd1 1st
freebsd freebsd 4.6
cisco sn_5420_storage_router_firmware 1.1(4)
cisco remote_monitoring_suite_option *
f5 tmos 9.0.1
cisco call_manager 3.1(3a)
freebsd freebsd 4.9
cisco aironet_ap1200 *
nortel ethernet_routing_switch_1624 *
nortel business_communications_manager 1000
cisco secure_access_control_server 3.0.3
cisco webns 7.30_(00.08)s
freebsd freebsd 3.5
cisco sn_5420_storage_router_firmware 1.1(3)
nortel succession_communication_server_1000 *
cisco ciscoworks_cd1 3rd
nortel universal_signaling_point compact_lite
nortel optical_metro_5000 *
nortel ethernet_routing_switch_1612 *
cisco sn_5420_storage_router_firmware 1.1(5)
cisco ciscoworks_common_management_foundation 2.2
freebsd freebsd 3.2
f5 tmos 4.5.11
cisco call_manager 3.2
nortel ethernet_routing_switch_1648 *
openbsd openbsd 3.0
cisco secure_access_control_server 2.3
cisco secure_access_control_server 3.0
cisco sn_5428_storage_router 3.2.1-k9
freebsd freebsd 2.2
freebsd freebsd 4.7
microsoft windows_2003_server standard_64-bit
cisco webns 7.10_(05.07)s
freebsd freebsd 5.2.1
cisco secure_access_control_server 2.4
cisco web_collaboration_option *
cisco secure_access_control_server 3.3.2
cisco mgx_8250 1.2.10
f5 tmos 9.0.3
freebsd freebsd 4.4
cisco content_services_switch_11050 *
cisco ciscoworks_vpn_security_management_solution *
cisco secure_access_control_server 2.3.6.1
freebsd freebsd 2.2.8
hitachi gr3000 *
freebsd freebsd 2.0.5
cisco ip_contact_center_enterprise *
cisco emergency_responder 1.1
cisco conference_connection 1.1(1)
yamaha rtx1000 *
cisco interactive_voice_response *
cisco secure_access_control_server 2.6.4
yamaha rt300i *
f5 tmos 4.2
cisco call_manager 3.0
cisco ciscoworks_windows *
cisco mgx_8230 1.2.11
cisco agent_desktop *
cisco unity_server 3.0
cisco sn_5420_storage_router *
cisco intelligent_contact_manager 5.0
cisco secure_access_control_server 3.3(1)
freebsd freebsd 4.8
cisco secure_access_control_server 3.2
cisco call_manager 1.0
cisco secure_access_control_server 2.6.3
cisco secure_access_control_server 3.1
cisco secure_access_control_server 3.2(3)
cisco personal_assistant 1.3(4)
hitachi alaxala ax
cisco aironet_ap350 *
cisco ciscoworks_lms 1.3
cisco webns 7.20_(03.09)s
freebsd freebsd 5.4
cisco ciscoworks_1105_wireless_lan_solution_engine *
yamaha rt57i *
nortel business_communications_manager 200
f5 tmos 4.5.6
cisco call_manager 4.0
cisco ciscoworks_windows_wug *
cisco call_manager 3.3
freebsd freebsd 3.0
freebsd freebsd 2.2.5
cisco e-mail_manager *
f5 tmos 9.0
yamaha rtx2000 *
freebsd freebsd 3.5.1
freebsd freebsd 3.1
alaxala alaxala_networks ax5400s
f5 tmos 9.0.4
f5 tmos 4.5.12
freebsd freebsd 5.1
microsoft windows_xp *
cisco personal_assistant 1.3(3)
cisco sn_5420_storage_router_firmware 1.1(2)
f5 tmos 4.6
freebsd freebsd 5.2
cisco ciscoworks_common_management_foundation 2.1
cisco content_services_switch_11000 *
cisco ciscoworks_cd1 5th
cisco secure_access_control_server 3.0.1
freebsd freebsd 4.11
cisco content_services_switch_11506 *
microsoft windows_2003_server r2
cisco personal_assistant 1.4(1)
nortel survivable_remote_gateway 1.0
freebsd freebsd 2.2.2
cisco sn_5428_storage_router 3.2.2-k9
yamaha rtx1100 *
nortel optical_metro_5100 *
cisco sn_5428_storage_router 3.3.1-k9
nortel contact_center *
cisco ciscoworks_cd1 2nd
f5 tmos 4.4
openbsd openbsd 3.5
freebsd freebsd 1.1.5.1
hitachi gs4000 *
freebsd freebsd 2.1.6.1
CVE-2005-2245 HIGH

Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 tmos 9.0.2
f5 tmos 9.0.4
f5 tmos 9.0.3
f5 tmos 9.1
f5 tmos 9.0.5
CVE-2006-1357 MEDIUM

Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 firepass_4100 5.4.2
CVE-2006-3550 LOW

Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 firepass_4100 5.4.2
CVE-2008-0539 MEDIUM

Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager 9.3.0
f5 big-ip_application_security_manager *
CVE-2009-3555 MEDIUM

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
gnu gnutls *
canonical ubuntu_linux 8.04
canonical ubuntu_linux 9.04
fedoraproject fedora 11
canonical ubuntu_linux 8.10
openssl openssl 1.0
canonical ubuntu_linux 10.04
f5 nginx *
apache http_server *
debian debian_linux 8.0
fedoraproject fedora 13
debian debian_linux 6.0
canonical ubuntu_linux 10.10
mozilla nss *
debian debian_linux 5.0
canonical ubuntu_linux 9.10
fedoraproject fedora 12
debian debian_linux 4.0
debian debian_linux 7.0
fedoraproject fedora 14
openssl openssl *
CVE-2010-2263 MEDIUM

nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 nginx *
CVE-2010-2266 MEDIUM

nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
f5 nginx *
CVE-2010-4180 MEDIUM

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
canonical ubuntu_linux 9.04
canonical ubuntu_linux 6.06
canonical ubuntu_linux 10.04
suse linux_enterprise_desktop 11
f5 nginx *
opensuse opensuse 11.2
suse linux_enterprise 11.0
suse linux_enterprise_server 10
suse linux_enterprise_server 9
fedoraproject fedora 13
canonical ubuntu_linux 10.10
opensuse opensuse 11.3
debian debian_linux 5.0
opensuse opensuse 11.1
fedoraproject fedora 14
openssl openssl *
opensuse opensuse 11.4
suse linux_enterprise_desktop 10
CVE-2011-3188 MEDIUM

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 arx *
f5 big-ip_application_security_manager *
f5 big-ip_wan_optimization_manager *
f5 enterprise_manager 3.0.0
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
redhat enterprise_linux 4.0
f5 firepass 7.0.0
f5 big-ip_edge_gateway *
f5 enterprise_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 firepass *
CVE-2011-4315 MEDIUM

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 16
suse studio 1.2
f5 nginx *
suse studio_onsite 1.2
suse webyast 1.2
CVE-2012-1180 MEDIUM

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
debian debian_linux 6.0
fedoraproject fedora 16
f5 nginx *
fedoraproject fedora 17
fedoraproject fedora 15
CVE-2012-1493 HIGH

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager 10.2.3
f5 tmos 9.1.3
f5 big-ip_local_traffic_manager 10.0.0
f5 tmos 9.4.2
f5 tmos 9.3
f5 tmos 4.3
f5 tmos 9.1.1
f5 tmos 9.2.5
f5 big-ip_8950 *
f5 big-ip_8800 *
f5 tmos 9.0.1
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_application_security_manager 10.2.3
f5 tmos 2.0
f5 tmos 9.4.7
f5 big-ip_6400 *
f5 tmos 4.5.11
f5 big-ip_application_security_manager 9.2.0
f5 enterprise_manager 2.0
f5 enterprise_manager 2.1.0
f5 tmos 9.0.5
f5 big-ip_local_traffic_manager 9.4.8
f5 tmos 9.4.8
f5 big-ip_3900 *
f5 tmos 9.0.3
f5 tmos 9.4.3
f5 big-ip_global_traffic_manager 9.4.8
f5 tmos 10.0.0
f5 big-ip_11050 *
f5 big-ip_application_security_manager 10.0.1
f5 tmos 10.0.1
f5 big-ip_5110 *
f5 big-ip_application_security_manager 9.4.4
f5 big-ip_2400 *
f5 tmos 9.2.3
f5 big-ip_11000 *
f5 tmos 4.6.2
f5 big-ip_1000 *
f5 tmos 4.5.9
f5 tmos 10.2.0
f5 big-ip_application_security_manager 9.4.8
f5 big-ip_application_security_manager 10.0.0
f5 tmos 9.1.2
f5 enterprise_manager 1.0
f5 big-ip_local_traffic_manager 9.0.0
f5 big-ip_application_security_manager 11.1.0
f5 tmos 4.5.10
f5 big-ip_1600 *
f5 tmos 9.4.5
f5 tmos 4.2
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 9.2.2
f5 tmos 9.3.1
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_global_traffic_manager 10.0.0
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_application_security_manager 9.4.7
f5 tmos 9.4
f5 tmos 9.2
f5 big-ip_4100 *
f5 tmos 4.5
f5 tmos 9.1
f5 tmos 9.2.4
f5 big-ip_local_traffic_manager 11.0.0
f5 tmos 4.5.6
f5 tmos *
f5 big-ip_5100 *
f5 tmos 9.6.1
f5 big-ip_global_traffic_manager *
f5 big-ip_3600 *
f5 tmos 9.4.6
f5 big-ip_6900 *
f5 tmos 9.0
f5 tmos 4.0
f5 tmos 9.4.1
f5 big-ip_3410 *
f5 tmos 9.0.4
f5 tmos 4.5.12
f5 big-ip_application_security_manager 9.4.5
f5 tmos 9.2.2
f5 tmos 4.6
f5 tmos 9.0.2
f5 big-ip_3400 *
f5 enterprise_manager *
f5 big-ip_8900 *
f5 big-ip_1500 *
f5 big-ip_8400 *
f5 tmos 10.1.0
f5 enterprise_manager 2.2.0
f5 tmos 9.6.0
f5 enterprise_manager 2.3.0
f5 tmos 9.4.4
f5 big-ip_application_security_manager 9.4.6
f5 tmos 4.4
f5 big-ip_application_security_manager 11.0.0
f5 big-ip_6800 *
CVE-2012-1777 HIGH

SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
f5 firepass 7.0.0
f5 firepass 6.0
f5 firepass 6.1.0
CVE-2012-2053 HIGH

The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 firepass 7.0.0
f5 firepass 6.0
f5 firepass 6.1.0
CVE-2012-2089 MEDIUM

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
fedoraproject fedora 16
f5 nginx *
fedoraproject fedora 17
fedoraproject fedora 15
CVE-2013-0150 HIGH

Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_wan_optimization_manager *
f5 big-ip_protocol_security_module *
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 firepass 7.0.0
f5 big-ip_edge_gateway *
f5 big-ip_global_traffic_manager *
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_analytics *
f5 firepass *
CVE-2013-0337 HIGH

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 nginx 1.1.14
f5 nginx 1.1.13
f5 nginx 1.3.9
f5 nginx 1.1.4
f5 nginx 1.3.3
f5 nginx 1.1.0
f5 nginx 1.1.16
f5 nginx 1.3.0
f5 nginx 1.0.13
f5 nginx 1.1.5
f5 nginx 1.1.18
f5 nginx 1.3.4
f5 nginx 1.1.3
f5 nginx 1.3.6
f5 nginx 1.1.9
f5 nginx 1.1.10
f5 nginx 1.2.0
f5 nginx 1.0.15
f5 nginx 1.3.12
f5 nginx 1.0.8
f5 nginx 1.3.5
f5 nginx 1.3.7
f5 nginx *
f5 nginx 1.0.12
f5 nginx 1.0.7
f5 nginx 1.1.15
f5 nginx 1.3.1
f5 nginx 1.0.4
f5 nginx 1.0.5
f5 nginx 1.3.8
f5 nginx 1.1.19
f5 nginx 1.0.0
f5 nginx 1.0.9
f5 nginx 1.0.3
f5 nginx 1.0.6
f5 nginx 1.1.7
f5 nginx 1.1.1
f5 nginx 1.1.12
f5 nginx 1.3.10
f5 nginx 1.0.11
f5 nginx 1.0.2
f5 nginx 1.3.2
f5 nginx 1.3.11
f5 nginx 1.1.2
f5 nginx 1.0.14
f5 nginx 1.0.1
f5 nginx 1.1.8
f5 nginx 1.0.10
f5 nginx 1.1.17
f5 nginx 1.1.6
f5 nginx 1.1.11
CVE-2013-2028 HIGH

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 nginx *
fedoraproject fedora 19
CVE-2013-2070 MEDIUM

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 6.0
f5 nginx *
debian debian_linux 7.0
CVE-2013-3587 MEDIUM

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 arx *
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_wan_optimization_manager *
f5 big-ip_protocol_security_module *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 firepass 7.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 firepass *
f5 big-ip_local_traffic_manager 13.0.0
CVE-2013-4547 HIGH

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-116,

Products Affected

Vendor Product Version
suse lifecycle_management_server 1.3
opensuse opensuse 12.2
f5 nginx *
suse studio_onsite 1.3
suse webyast 1.3
opensuse opensuse 12.3
opensuse opensuse 13.1
opensuse opensuse 11.4
CVE-2013-5975 MEDIUM

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_access_policy_manager 11.2.0
CVE-2013-5976 MEDIUM

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_access_policy_manager 10.1.0
CVE-2013-6016 HIGH

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_webaccelerator 9.4.3
f5 big-ip_webaccelerator 10.0.1
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 10.0.0
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_protocol_security_module 9.4.6
f5 big-ip_protocol_security_module 10.1.0
f5 big-ip_webaccelerator 9.4.0
f5 big-ip_link_controller 10.0.0
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_global_traffic_manager 10.0.0
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_wan_optimization_manager 10.0.1
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_global_traffic_manager 10.2.0
f5 big-ip_webaccelerator 9.4.8
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_webaccelerator 9.4.6
f5 big-ip_local_traffic_manager 10.0.1
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_access_policy_manager 10.2.0
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_global_traffic_manager 10.0.1
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_protocol_security_module 10.0.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_webaccelerator 10.0.0
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_link_controller 10.1.0
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_protocol_security_module 9.4.8
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_webaccelerator 9.4.7
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_protocol_security_module 9.4.5
f5 big-ip_protocol_security_module 10.0.0
f5 big-ip_link_controller 10.2.2
f5 big-ip_webaccelerator 9.4.5
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_link_controller 10.2.1
f5 big-ip_application_security_manager 10.0.1
f5 big-ip_global_traffic_manager 10.1.0
f5 big-ip_webaccelerator 9.4.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 big-ip_protocol_security_module 9.4.7
f5 big-ip_link_controller 10.2.0
f5 big-ip_webaccelerator 9.4.1
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_application_security_manager 10.0.0
f5 big-ip_wan_optimization_manager 10.0.0
f5 big-ip_link_controller 10.0.1
f5 big-ip_webaccelerator 9.4.4
f5 big-ip_application_security_manager 11.0.0
CVE-2013-6024 MEDIUM

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_access_policy_manager 11.2.0
f5 firepass 6.0.0
f5 firepass 6.1.0
f5 firepass 7.0.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_edge_gateway 10.2.4
f5 big-ip_edge_gateway 11.5.0
CVE-2013-7408 HIGH

F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
f5 big-ip_analytics 11.3.0
f5 big-ip_analytics 11.0.0
f5 big-ip_analytics 11.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_analytics 11.2.0
CVE-2014-0088 HIGH

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
f5 nginx 1.5.10
CVE-2014-0101 HIGH

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 10.04
f5 big-ip_application_security_manager *
redhat enterprise_linux_server_aus 6.4
f5 big-ip_wan_optimization_manager *
f5 big-iq_security *
f5 big-iq_device *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_server 6.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_eus 6.4
f5 big-ip_enterprise_manager *
f5 big-ip_analytics *
linux linux_kernel *
redhat enterprise_linux_eus 6.3
f5 big-iq_adc 4.5.0
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management 4.6.0
redhat enterprise_linux_server_aus 6.5
f5 big-iq_cloud *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 6.5
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_eus 6.5
CVE-2014-0133 HIGH

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 nginx *
opensuse opensuse 13.1
CVE-2014-0196 MEDIUM

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
canonical ubuntu_linux 10.04
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_application_security_manager *
f5 big-ip_wan_optimization_manager *
canonical ubuntu_linux 14.04
f5 big-iq_security *
f5 enterprise_manager 3.1.1
f5 big-iq_device *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
linux linux_kernel 2.6.31
canonical ubuntu_linux 12.04
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 enterprise_manager 3.1.0
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_eus 6.4
f5 enterprise_manager *
canonical ubuntu_linux 12.10
canonical ubuntu_linux 13.10
f5 big-ip_analytics *
linux linux_kernel *
suse suse_linux_enterprise_desktop 11
redhat enterprise_linux_eus 6.3
suse suse_linux_enterprise_server 11
redhat enterprise_linux_server_eus 6.3
redhat enterprise_linux 6.0
debian debian_linux 6.0
suse suse_linux_enterprise_high_availability_extension 11
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management 4.6.0
f5 big-iq_cloud *
f5 big-ip_global_traffic_manager *
oracle linux 6
debian debian_linux 7.0
CVE-2014-2927 HIGH

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_protocol_security_module 10.1.0
f5 arx 6.2.0
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_wan_optimization_manager 10.0.1
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_edge_gateway 11.1.0
f5 big-iq_cloud 4.3.0
f5 big-ip_analytics 11.5.1
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_edge_gateway 11.2.0
f5 firepass 6.0.2
f5 big-ip_access_policy_manager 10.2.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_cloud 4.2.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.2
f5 firepass 7.0.0
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_link_controller 10.2.2
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 10.0.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-ip_analytics 11.1.0
f5 firepass 6.0.3
f5 big-ip_link_controller 10.2.4
f5 big-ip_link_controller 11.4.1
f5 big-ip_wan_optimization_manager 10.0.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_webaccelerator 10.0.1
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 enterprise_manager 3.1.1
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_global_traffic_manager 10.0.0
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 10.0.1
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.1
f5 big-iq_cloud 4.1.0
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 arx 6.4.0
f5 big-ip_wan_optimization_manager 10.2.4
f5 firepass 6.0.1
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 enterprise_manager 3.1.0
f5 big-ip_protocol_security_module 10.0.0
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_protocol_security_module 10.2.4
f5 enterprise_manager 2.2.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 10.2.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_application_security_manager 11.0.0
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 10.0.0
f5 big-ip_global_traffic_manager 10.2.1
f5 arx 6.1.1
f5 big-iq_cloud 4.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_link_controller 10.0.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 firepass 6.0.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_access_policy_manager 11.5.0
f5 enterprise_manager 2.1.0
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_global_traffic_manager 10.1.0
f5 big-iq_security 4.1.0
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_link_controller 10.2.3
f5 big-iq_security 4.0.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_application_security_manager 10.0.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_local_traffic_manager 11.1.0
f5 arx 6.1.0
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 10.2.0
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_global_traffic_manager 10.0.1
f5 big-ip_local_traffic_manager 11.4.1
f5 arx 6.0.0
f5 big-ip_protocol_security_module 10.0.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_webaccelerator 10.0.0
f5 enterprise_manager 3.0.0
f5 big-ip_global_traffic_manager 10.2.2
f5 firepass 6.1.0
f5 big-ip_link_controller 10.1.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_link_controller 11.1.0
f5 big-ip_link_controller 11.6.0
f5 big-ip_analytics 11.0.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 arx 6.3.0
f5 enterprise_manager 2.3.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
f5 big-ip_link_controller 10.0.1
CVE-2014-2928 HIGH

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_webaccelerator 9.4.3
f5 big-ip_webaccelerator 10.0.1
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 10.0.0
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_protocol_security_module 9.4.6
f5 big-ip_protocol_security_module 10.1.0
f5 big-ip_webaccelerator 9.4.0
f5 big-ip_link_controller 10.0.0
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_global_traffic_manager 10.0.0
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_wan_optimization_manager 10.0.1
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_global_traffic_manager 10.2.0
f5 big-ip_webaccelerator 9.4.8
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_webaccelerator 9.4.6
f5 big-ip_local_traffic_manager 10.0.1
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_access_policy_manager 10.2.0
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_global_traffic_manager 10.0.1
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_protocol_security_module 10.0.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_webaccelerator 10.0.0
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_link_controller 10.1.0
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_protocol_security_module 9.4.8
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_webaccelerator 9.4.7
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_protocol_security_module 9.4.5
f5 big-ip_protocol_security_module 10.0.0
f5 big-ip_link_controller 10.2.2
f5 big-ip_webaccelerator 9.4.5
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_link_controller 10.2.1
f5 big-ip_application_security_manager 10.0.1
f5 big-ip_global_traffic_manager 10.1.0
f5 big-ip_webaccelerator 9.4.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 big-ip_protocol_security_module 9.4.7
f5 big-ip_link_controller 10.2.0
f5 big-ip_webaccelerator 9.4.1
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_application_security_manager 10.0.0
f5 big-ip_wan_optimization_manager 10.0.0
f5 big-ip_link_controller 10.0.1
f5 big-ip_webaccelerator 9.4.4
f5 big-ip_application_security_manager 11.0.0
CVE-2014-2949 MEDIUM

SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
f5 arx_data_manager 3.0.0
f5 arx_data_manager 3.1.0
CVE-2014-3220 HIGH

F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
f5 big-iq 4.1.0.2013.0
CVE-2014-3467 MEDIUM

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 5.0
redhat virtualization 6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.4
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.5
f5 arx_firmware *
redhat enterprise_linux_server 6.0
gnu libtasn1 *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.6
gnu gnutls *
suse linux_enterprise_high_availability_extension 11
redhat enterprise_linux_server_aus 7.3
suse linux_enterprise_desktop 11
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
suse linux_enterprise_server 11
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 6.5
debian debian_linux 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.7
CVE-2014-3468 HIGH

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-131,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 5.0
redhat virtualization 6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.4
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 7.5
f5 arx_firmware *
redhat enterprise_linux_server 6.0
gnu libtasn1 *
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.6
gnu gnutls *
suse linux_enterprise_high_availability_extension 11
redhat enterprise_linux_server_aus 7.3
suse linux_enterprise_desktop 11
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
suse linux_enterprise_server 11
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_eus 6.5
debian debian_linux 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.7
CVE-2014-3556 MEDIUM

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
f5 nginx *
CVE-2014-3616 MEDIUM

nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,

Products Affected

Vendor Product Version
f5 nginx *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2014-3959 MEDIUM

Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_link_controller 11.5.1
f5 enterprise_manager 3.0.0
f5 enterprise_manager 3.1.1
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_analytics 11.5.1
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_protocol_security_module 11.4.1
CVE-2014-4023 MEDIUM

Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.0, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4, and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_protocol_security_module 10.1.0
f5 big-ip_analytics 11.5.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_access_policy_manager 10.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.2.1
f5 enterprise_manager 2.1.0
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_link_controller 10.2.2
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_global_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_link_controller 10.2.3
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-ip_analytics 11.1.0
f5 big-ip_link_controller 10.2.4
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_local_traffic_manager 11.1.0
f5 enterprise_manager 3.1.1
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_global_traffic_manager 10.2.0
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_wan_optimization_manager 10.2.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_local_traffic_manager 11.2.0
f5 enterprise_manager 3.0.0
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_link_controller 10.1.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 enterprise_manager 3.1.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_link_controller 11.1.0
f5 big-ip_analytics 11.0.0
f5 enterprise_manager 2.2.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 big-ip_link_controller 10.2.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 enterprise_manager 2.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
f5 big-ip_application_security_manager 11.0.0
CVE-2014-4024 MEDIUM

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer (SSL) accelerator cards, might allow remote attackers to have unspecified impact via a timing side-channel attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_wan_optimization_manager *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2014-4027 LOW

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_security_manager *
f5 big-ip_wan_optimization_manager *
f5 big-iq_security *
f5 big-ip_application_security_manager 12.0.0
f5 big-iq_device *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
canonical ubuntu_linux 12.04
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 enterprise_manager *
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_analytics *
linux linux_kernel *
suse linux_enterprise_high_availability_extension 11
f5 big-ip_local_traffic_manager 12.0.0
suse linux_enterprise_desktop 11
f5 big-ip_advanced_firewall_manager 12.0.0
redhat enterprise_linux 6.0
suse linux_enterprise_real_time_extension 11
f5 big-ip_advanced_firewall_manager *
f5 big-ip_link_controller 12.0.0
suse linux_enterprise_server 11
f5 big-iq_cloud *
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics 12.0.0
CVE-2014-5209 MEDIUM

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 websafe 1.0.0
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_analytics 11.2.1
f5 mobilesafe 1.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_wan_optimization_manager *
f5 big-iq_security *
f5 enterprise_manager 3.1.1
f5 big-iq_device *
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_protocol_security_module *
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 11.2.1
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics *
f5 big-ip_domain_name_system 15.0.0
ntp ntp 4.2.7
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-iq_adc 4.5.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics 15.0.0
f5 big-iq_centralized_management 4.6.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_cloud *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_global_traffic_manager 11.2.1
f5 iworkflow *
CVE-2014-6031 MEDIUM

Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_link_controller 11.5.2
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 10.0.0
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_protocol_security_module 10.1.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_enterprise_manager 3.1.0
f5 big-ip_link_controller 10.0.0
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_enterprise_manager 3.1.1
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_access_policy_manager 10.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_enterprise_manager 2.3.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_link_controller 10.2.2
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_global_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_link_controller 10.2.3
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-ip_analytics 11.1.0
f5 big-ip_link_controller 10.2.4
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_link_controller 11.4.1
f5 big-ip_application_security_manager 10.0.0
f5 big-ip_wan_optimization_manager 10.0.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_analytics 11.5.2
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_global_traffic_manager 10.0.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_global_traffic_manager 10.2.0
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_enterprise_manager 2.1.0
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 10.0.1
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_wan_optimization_manager 10.2.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_webaccelerator 10.0.0
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_link_controller 10.1.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_protocol_security_module 10.0.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_enterprise_manager 3.0.0
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_link_controller 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_link_controller 11.6.0
f5 big-ip_analytics 11.0.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_enterprise_manager 2.2.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 big-ip_link_controller 10.2.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
f5 big-ip_application_security_manager 11.0.0
CVE-2014-6032 MEDIUM

Multiple XML External Entity (XXE) vulnerabilities in the Configuration utility in F5 BIG-IP LTM, ASM, GTM, and Link Controller 11.0 through 11.6.0 and 10.0.0 through 10.2.4, AAM 11.4.0 through 11.6.0, ARM 11.3.0 through 11.6.0, Analytics 11.0.0 through 11.6.0, APM and Edge Gateway 11.0.0 through 11.6.0 and 10.1.0 through 10.2.4, PEM 11.3.0 through 11.6.0, PSM 11.0.0 through 11.4.1 and 10.0.0 through 10.2.4, and WOM 11.0.0 through 11.3.0 and 10.0.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allow remote authenticated users to read arbitrary files and cause a denial of service via a crafted request, as demonstrated using (1) viewList or (2) deal elements.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 10.0.0
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_protocol_security_module 10.1.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_link_controller 10.0.0
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.2.1
f5 enterprise_manager 2.1.0
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_link_controller 10.2.2
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_global_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_link_controller 10.2.3
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-ip_analytics 11.1.0
f5 big-ip_link_controller 10.2.4
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_link_controller 11.4.1
f5 big-ip_application_security_manager 10.0.0
f5 big-ip_wan_optimization_manager 10.0.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_local_traffic_manager 11.1.0
f5 enterprise_manager 3.1.1
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_global_traffic_manager 10.0.0
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_global_traffic_manager 10.2.0
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_wan_optimization_manager 10.2.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_webaccelerator 10.0.0
f5 big-ip_local_traffic_manager 11.2.0
f5 enterprise_manager 3.0.0
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_link_controller 10.1.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 enterprise_manager 3.1.0
f5 big-ip_protocol_security_module 10.0.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_link_controller 11.1.0
f5 big-ip_link_controller 11.6.0
f5 big-ip_analytics 11.0.0
f5 enterprise_manager 2.2.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 big-ip_link_controller 10.2.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 enterprise_manager 2.3.0
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
f5 big-ip_application_security_manager 11.0.0
CVE-2014-6271 HIGH

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
novell zenworks_configuration_management 11.2
ibm qradar_security_information_and_event_manager 7.2
ibm qradar_security_information_and_event_manager 7.2.3
redhat enterprise_linux_server_tus 7.6
ibm pureapplication_system 2.0.0.0
ibm software_defined_network_for_virtual_environments *
f5 big-ip_application_security_manager *
redhat enterprise_linux_workstation 7.0
f5 big-ip_wan_optimization_manager *
f5 big-iq_security *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_webaccelerator *
novell zenworks_configuration_management 10.3
ibm stn6800_firmware *
ibm qradar_security_information_and_event_manager 7.2.2
redhat enterprise_linux_eus 6.4
ibm storwize_v5000_firmware *
suse linux_enterprise_server 12
novell zenworks_configuration_management 11
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
oracle linux 5
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
qnap qts 4.1.1
ibm qradar_security_information_and_event_manager 7.2.9
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_eus 5.9
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
apple mac_os_x *
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.2.5
citrix netscaler_sdx_firmware *
redhat enterprise_linux_workstation 6.0
ibm storwize_v3500_firmware *
novell zenworks_configuration_management 11.1
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
redhat enterprise_linux_eus 6.5
mageia mageia 3.0
ibm qradar_security_information_and_event_manager 7.1.1
ibm starter_kit_for_cloud 2.2.0
redhat enterprise_linux_server 5.0
redhat enterprise_linux 5.0
ibm flex_system_v7000_firmware *
redhat enterprise_linux_desktop 6.0
ibm storwize_v7000_firmware *
redhat gluster_storage_server_for_on-premise 2.1
ibm storwize_v3700_firmware *
f5 big-ip_local_traffic_manager 11.6.0
ibm smartcloud_entry_appliance 2.3.0
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_from_rhui 5.0
ibm workload_deployer *
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 6.0
ibm qradar_vulnerability_manager 7.2.1
ibm san_volume_controller_firmware *
f5 big-ip_analytics 11.6.0
opensuse opensuse 12.3
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm smartcloud_provisioning 2.1.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_vulnerability_manager 7.2.2
vmware vcenter_server_appliance 5.5
ibm infosphere_guardium_database_activity_monitoring 8.2
redhat enterprise_linux_server_from_rhui 6.0
f5 big-ip_global_traffic_manager 11.6.0
f5 traffix_signaling_delivery_controller 3.4.1
ibm smartcloud_entry_appliance 2.4.0
redhat enterprise_linux_workstation 5.0
vmware esx 4.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
f5 big-ip_advanced_firewall_manager 11.6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_power_big_endian 5.0_ppc
f5 big-ip_advanced_firewall_manager *
arista eos *
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 6.2
f5 big-iq_cloud *
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm smartcloud_entry_appliance 3.1.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.7
ibm qradar_security_information_and_event_manager 7.2.6
ibm stn7800_firmware *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
f5 traffix_signaling_delivery_controller 4.1.0
ibm qradar_security_information_and_event_manager 7.2.4
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
f5 big-ip_access_policy_manager 11.6.0
redhat virtualization 3.4
oracle linux 4
ibm qradar_security_information_and_event_manager 7.2.7
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_server_aus 6.4
canonical ubuntu_linux 14.04
f5 big-iq_device *
f5 arx_firmware *
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
redhat enterprise_linux 4.0
suse linux_enterprise_desktop 12
vmware vcenter_server_appliance 5.1
ibm qradar_security_information_and_event_manager 7.2.8.15
f5 big-ip_application_acceleration_manager *
ibm pureapplication_system *
ibm qradar_security_information_and_event_manager 7.2.1
f5 big-ip_analytics *
redhat enterprise_linux_server_aus 5.6
ibm qradar_security_information_and_event_manager 7.2.0
novell open_enterprise_server 11.0
qnap qts *
ibm qradar_vulnerability_manager 7.2.4
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
ibm qradar_security_information_and_event_manager 7.1.0
redhat enterprise_linux 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_application_acceleration_manager 11.6.0
suse linux_enterprise_server 11
ibm smartcloud_entry_appliance 3.2.0
redhat enterprise_linux_server_tus 7.3
f5 big-ip_global_traffic_manager *
gnu bash *
f5 big-ip_access_policy_manager *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm qradar_vulnerability_manager 7.2.3
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
redhat enterprise_linux_server_aus 7.4
vmware esx 4.1
canonical ubuntu_linux 10.04
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
f5 big-ip_protocol_security_module *
f5 traffix_signaling_delivery_controller *
novell open_enterprise_server 2.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.6.0
f5 traffix_signaling_delivery_controller 3.3.2
f5 big-ip_policy_enforcement_manager *
ibm infosphere_guardium_database_activity_monitoring 9.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
f5 big-ip_edge_gateway *
f5 enterprise_manager *
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.6
ibm qradar_vulnerability_manager 7.2.8
ibm stn6500_firmware *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
suse linux_enterprise_software_development_kit 12
f5 big-ip_link_controller 11.6.0
opensuse opensuse 13.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_server_from_rhui 7.0
suse linux_enterprise_desktop 11
redhat enterprise_linux_eus 7.7
ibm qradar_security_information_and_event_manager 7.2.8
suse studio_onsite 1.3
opensuse opensuse 13.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server_aus 7.6
suse linux_enterprise_server 10
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
vmware vcenter_server_appliance 5.0
ibm qradar_risk_manager 7.1.0
redhat enterprise_linux 7.0
mageia mageia 4.0
ibm qradar_vulnerability_manager 7.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
checkpoint security_gateway *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
oracle linux 6
ibm qradar_vulnerability_manager 7.2.6
debian debian_linux 7.0
novell zenworks_configuration_management 11.3.0
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
CVE-2014-7169 HIGH

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
novell zenworks_configuration_management 11.2
ibm qradar_security_information_and_event_manager 7.2
ibm qradar_security_information_and_event_manager 7.2.3
redhat enterprise_linux_server_tus 7.6
ibm pureapplication_system 2.0.0.0
ibm software_defined_network_for_virtual_environments *
f5 big-ip_application_security_manager *
redhat enterprise_linux_workstation 7.0
f5 big-ip_wan_optimization_manager *
f5 big-iq_security *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_webaccelerator *
novell zenworks_configuration_management 10.3
ibm stn6800_firmware *
ibm qradar_security_information_and_event_manager 7.2.2
redhat enterprise_linux_eus 6.4
ibm storwize_v5000_firmware *
suse linux_enterprise_server 12
novell zenworks_configuration_management 11
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
oracle linux 5
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
qnap qts 4.1.1
ibm qradar_security_information_and_event_manager 7.2.9
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_eus 5.9
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
apple mac_os_x *
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
ibm qradar_security_information_and_event_manager 7.2.5
citrix netscaler_sdx_firmware *
redhat enterprise_linux_workstation 6.0
ibm storwize_v3500_firmware *
novell zenworks_configuration_management 11.1
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
redhat enterprise_linux_eus 6.5
mageia mageia 3.0
ibm qradar_security_information_and_event_manager 7.1.1
ibm starter_kit_for_cloud 2.2.0
redhat enterprise_linux_server 5.0
redhat enterprise_linux 5.0
ibm flex_system_v7000_firmware *
redhat enterprise_linux_desktop 6.0
ibm storwize_v7000_firmware *
redhat gluster_storage_server_for_on-premise 2.1
ibm storwize_v3700_firmware *
f5 big-ip_local_traffic_manager 11.6.0
ibm smartcloud_entry_appliance 2.3.0
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_from_rhui 5.0
ibm workload_deployer *
canonical ubuntu_linux 12.04
redhat enterprise_linux_server 6.0
ibm qradar_vulnerability_manager 7.2.1
ibm san_volume_controller_firmware *
f5 big-ip_analytics 11.6.0
opensuse opensuse 12.3
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm smartcloud_provisioning 2.1.0
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
redhat enterprise_linux_for_scientific_computing 7.0
ibm qradar_vulnerability_manager 7.2.2
vmware vcenter_server_appliance 5.5
ibm infosphere_guardium_database_activity_monitoring 8.2
redhat enterprise_linux_server_from_rhui 6.0
f5 big-ip_global_traffic_manager 11.6.0
f5 traffix_signaling_delivery_controller 3.4.1
ibm smartcloud_entry_appliance 2.4.0
redhat enterprise_linux_workstation 5.0
vmware esx 4.0
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
f5 big-ip_advanced_firewall_manager 11.6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_for_power_big_endian 5.0_ppc
f5 big-ip_advanced_firewall_manager *
arista eos *
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 6.2
f5 big-iq_cloud *
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm smartcloud_entry_appliance 3.1.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.7
ibm qradar_security_information_and_event_manager 7.2.6
ibm stn7800_firmware *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
f5 traffix_signaling_delivery_controller 4.1.0
ibm qradar_security_information_and_event_manager 7.2.4
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
f5 big-ip_access_policy_manager 11.6.0
redhat virtualization 3.4
oracle linux 4
ibm qradar_security_information_and_event_manager 7.2.7
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_server_aus 6.4
canonical ubuntu_linux 14.04
f5 big-iq_device *
f5 arx_firmware *
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
redhat enterprise_linux 4.0
suse linux_enterprise_desktop 12
vmware vcenter_server_appliance 5.1
ibm qradar_security_information_and_event_manager 7.2.8.15
f5 big-ip_application_acceleration_manager *
ibm pureapplication_system *
ibm qradar_security_information_and_event_manager 7.2.1
f5 big-ip_analytics *
redhat enterprise_linux_server_aus 5.6
ibm qradar_security_information_and_event_manager 7.2.0
novell open_enterprise_server 11.0
qnap qts *
ibm qradar_vulnerability_manager 7.2.4
redhat enterprise_linux_server_aus 5.9
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
ibm qradar_security_information_and_event_manager 7.1.0
redhat enterprise_linux 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
ibm infosphere_guardium_database_activity_monitoring 9.1
f5 big-ip_application_acceleration_manager 11.6.0
suse linux_enterprise_server 11
ibm smartcloud_entry_appliance 3.2.0
redhat enterprise_linux_server_tus 7.3
f5 big-ip_global_traffic_manager *
gnu bash *
f5 big-ip_access_policy_manager *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm qradar_vulnerability_manager 7.2.3
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
redhat enterprise_linux_server_aus 7.4
vmware esx 4.1
canonical ubuntu_linux 10.04
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
f5 big-ip_protocol_security_module *
f5 traffix_signaling_delivery_controller *
novell open_enterprise_server 2.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.6.0
f5 traffix_signaling_delivery_controller 3.3.2
f5 big-ip_policy_enforcement_manager *
ibm infosphere_guardium_database_activity_monitoring 9.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
f5 big-ip_edge_gateway *
f5 enterprise_manager *
ibm qradar_security_information_and_event_manager 7.1.2
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.6
ibm qradar_vulnerability_manager 7.2.8
ibm stn6500_firmware *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
suse linux_enterprise_software_development_kit 12
f5 big-ip_link_controller 11.6.0
opensuse opensuse 13.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_server_from_rhui 7.0
suse linux_enterprise_desktop 11
redhat enterprise_linux_eus 7.7
ibm qradar_security_information_and_event_manager 7.2.8
suse studio_onsite 1.3
opensuse opensuse 13.1
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server_aus 7.6
suse linux_enterprise_server 10
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
vmware vcenter_server_appliance 5.0
ibm qradar_risk_manager 7.1.0
redhat enterprise_linux 7.0
mageia mageia 4.0
ibm qradar_vulnerability_manager 7.2.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
checkpoint security_gateway *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
oracle linux 6
ibm qradar_vulnerability_manager 7.2.6
debian debian_linux 7.0
novell zenworks_configuration_management 11.3.0
f5 traffix_signaling_delivery_controller 3.5.1
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
CVE-2014-8727 MEDIUM

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
CVE-2014-8730 MEDIUM

The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 10.0.0
f5 big-ip_webaccelerator 11.0.0
f5 big-iq_cloud 4.0.0
f5 big-ip_protocol_security_module 10.1.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_wan_optimization_manager 10.0.1
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-iq_cloud 4.3.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_access_policy_manager 10.2.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_application_security_manager 10.0.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_security 4.1.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-iq_security 4.0.0
f5 big-ip_analytics 11.1.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_application_security_manager 10.0.0
f5 big-ip_wan_optimization_manager 10.0.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_webaccelerator 10.0.1
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_webaccelerator 10.2.3
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-iq_security 4.2.0
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_local_traffic_manager 10.0.1
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_protocol_security_module 10.2.1
f5 big-iq_cloud 4.1.0
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 10.0.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-iq_cloud 4.4.0
f5 big-ip_wan_optimization_manager 10.2.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_webaccelerator 10.0.0
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_protocol_security_module 10.0.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_analytics 11.0.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_edge_gateway 10.2.4
f5 big-ip_application_security_manager 11.0.0
CVE-2014-9326 MEDIUM

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_analytics 11.6.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_policy_enforcement_manager11.5.1 *
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2014-9342 MEDIUM

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip 11.3.0
CVE-2015-1050 MEDIUM

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2015-3628 HIGH

The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-iq_cloud 4.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_enterprise_manager 3.1.0
f5 big-ip_link_controller 11.5.3
f5 big-iq_security 4.5.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_enterprise_manager 3.1.1
f5 big-iq_cloud 4.3.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-iq_device 4.5.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-iq_cloud 4.5.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_security 4.1.0
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-iq_security 4.0.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-iq_cloud 4.1.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-iq_cloud 4.4.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_enterprise_manager 3.0.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-iq_adc 4.5.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
CVE-2015-4040 MEDIUM

Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_wan_optimization_manager *
f5 enterprise_manager 3.0.0
f5 enterprise_manager 3.1.1
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 enterprise_manager 3.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2015-4047 HIGH

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 20
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_wan_optimization_manager *
f5 big-ip_protocol_security_manager *
f5 big-iq_security *
f5 big-iq_device *
ipsec-tools ipsec-tools 0.8.2
debian debian_linux 8.0
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
canonical ubuntu_linux 12.04
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 enterprise_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-iq_adc 4.5.0
f5 big-ip_link_controller 13.0.0
fedoraproject fedora 21
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management 4.6.0
f5 big-iq_cloud *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
debian debian_linux 7.0
f5 big-ip_local_traffic_manager 13.0.0
debian debian_linux 9.0
CVE-2015-4637 MEDIUM

The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,CWE-310,

Products Affected

Vendor Product Version
f5 big-iq_cloud 4.5.0
f5 big-iq_device 4.4.0
f5 big-iq_security 4.4.0
f5 big-iq_security 4.5.0
f5 big-iq_adc 4.5.0
f5 big-iq_device 4.5.0
f5 big-iq_cloud 4.4.0
CVE-2015-4638 MEDIUM

The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_analytics 11.4.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_analytics 11.6.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_analytics 11.3.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2015-5058 HIGH

Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_link_controller 11.5.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_analytics 11.6.0
f5 big-iq_security 4.5.0
f5 big-ip_analytics 11.5.3
f5 big-iq_cloud 4.5.0
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_adc 4.5.0
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-iq_security 4.4.0
f5 big-iq_device 4.5.0
f5 big-iq_cloud 4.4.0
CVE-2015-5516 HIGH

Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_protocol_security_module 10.1.0
f5 big-ip_application_security_manager 10.2.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_local_traffic_manager 10.1.0
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_enterprise_manager 3.1.1
f5 big-iq_cloud 4.3.0
f5 big-ip_analytics 11.5.1
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_access_policy_manager 10.2.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_cloud 4.2.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_webaccelerator 10.2.0
f5 big-ip_protocol_security_module 10.2.0
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_link_controller 10.2.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 10.2.2
f5 big-iq_cloud 4.5.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_edge_gateway 10.2.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-ip_analytics 11.1.0
f5 big-ip_link_controller 10.2.4
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_wan_optimization_manager 10.1.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 10.0.1
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 10.2.1
f5 big-iq_cloud 4.1.0
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-iq_cloud 4.4.0
f5 big-ip_wan_optimization_manager 10.2.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_webaccelerator 10.1.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_enterprise_manager 3.0.0
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 10.2.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_application_security_manager 11.0.0
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 10.0.0
f5 big-ip_global_traffic_manager 10.2.1
f5 big-iq_cloud 4.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_enterprise_manager 3.1.0
f5 big-ip_link_controller 11.5.3
f5 big-iq_security 4.5.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-iq_security 4.4.0
f5 big-iq_device 4.5.0
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_global_traffic_manager 10.1.0
f5 big-iq_security 4.1.0
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_link_controller 10.2.3
f5 big-iq_security 4.0.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 10.1.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_edge_gateway 10.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_analytics 11.5.2
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 10.2.0
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_link_controller 10.1.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_link_controller 11.1.0
f5 big-ip_link_controller 11.6.0
f5 big-ip_analytics 11.0.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_application_security_manager 10.1.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
CVE-2015-5738 MEDIUM

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
marvell software_development_kit 2.0
f5 traffix_signaling_delivery_controller *
CVE-2015-6546 MEDIUM

The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 11.1.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_analytics 11.2.1
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.0.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_link_controller 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_analytics 11.0.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_application_security_manager 11.0.0
CVE-2015-7393 MEDIUM

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-iq_cloud 4.0.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-iq_security 4.5.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_edge_gateway 11.3.0
f5 big-iq_cloud 4.3.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-iq_device 4.5.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 11.4.0
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-iq_cloud 4.5.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_security 4.1.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-iq_security 4.0.0
f5 big-ip_global_traffic_manager11.2.0 *
f5 big-iq_centralized_management 4.6.0
f5 big-ip_analytics 11.1.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_analytics 11.2.1
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-iq_cloud 4.1.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-iq_cloud 4.4.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics 11.0.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_wan_optimization_manager 11.3.0
CVE-2015-7394 HIGH

The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-iq_cloud 4.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_enterprise_manager 3.1.0
f5 big-ip_link_controller 11.5.3
f5 big-iq_security 4.5.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_enterprise_manager 3.1.1
f5 big-ip_access_policy_manager 11.1.0
f5 big-iq_cloud 4.3.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-iq_device 4.5.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-iq_cloud 4.5.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_security 4.1.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-iq_security 4.0.0
f5 big-ip_analytics 11.1.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_analytics 11.2.1
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-iq_cloud 4.1.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-iq_cloud 4.4.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_enterprise_manager 3.0.0
f5 big-ip_link_controller 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-iq_adc 4.5.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
CVE-2015-7547 MEDIUM

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_debuginfo 11.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 14.04
gnu glibc 2.9
f5 big-ip_application_security_manager 12.0.0
redhat enterprise_linux_server_eus 7.2
gnu glibc 2.19
suse linux_enterprise_desktop 12
gnu glibc 2.12.2
gnu glibc 2.11.2
oracle fujitsu_m10_firmware *
f5 big-ip_application_acceleration_manager 12.0.0
oracle exalogic_infrastructure 2.0
suse linux_enterprise_server 12
gnu glibc 2.16
sophos unified_threat_management_software 9.355
oracle exalogic_infrastructure 1.0
gnu glibc 2.10.1
hp helion_openstack 2.0.0
gnu glibc 2.17
f5 big-ip_local_traffic_manager 12.0.0
redhat enterprise_linux_hpc_node_eus 7.2
gnu glibc 2.12.1
f5 big-ip_advanced_firewall_manager 12.0.0
hp helion_openstack 1.1.1
redhat enterprise_linux_hpc_node 7.0
gnu glibc 2.18
gnu glibc 2.11
gnu glibc 2.14
f5 big-ip_domain_name_system 12.0.0
suse linux_enterprise_server 11.0
gnu glibc 2.11.3
f5 big-ip_analytics 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
gnu glibc 2.22
debian debian_linux 8.0
hp helion_openstack 2.1.0
canonical ubuntu_linux 12.04
gnu glibc 2.12
gnu glibc 2.13
gnu glibc 2.21
gnu glibc 2.10
suse linux_enterprise_software_development_kit 12
opensuse opensuse 13.2
sophos unified_threat_management_software 9.319
gnu glibc 2.15
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 11.0
f5 big-ip_link_controller 12.0.0
hp server_migration_pack 7.5
f5 big-ip_access_policy_manager 12.0.0
gnu glibc 2.14.1
suse suse_linux_enterprise_server 12
redhat enterprise_linux_server 7.0
gnu glibc 2.11.1
suse linux_enterprise_desktop 11.0
gnu glibc 2.20
redhat enterprise_linux_server_aus 7.2
CVE-2015-7759 MEDIUM

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_analytics 12.0.0
CVE-2015-8021 MEDIUM

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before HF6; BIG-IP AFM and PEM 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; and BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF11 and 11.3.0 allows remote authenticated users to upload files via uploadImage.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_analytics 11.2.1
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_link_controller 11.0.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_analytics 11.4.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_link_controller 11.1.0
f5 big-ip_analytics 11.0.0
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_analytics 11.3.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_analytics 11.1.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.0.0
f5 big-ip_application_security_manager 11.1.0
CVE-2015-8022 HIGH

The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 11.1.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_analytics 11.2.1
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.0.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_link_controller 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_analytics 11.0.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_application_security_manager 11.0.0
CVE-2015-8098 HIGH

F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_access_policy_manager 11.2.0
CVE-2015-8099 MEDIUM

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-iq_cloud 4.0.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_enterprise_manager 3.1.0
f5 big-ip_link_controller 11.5.3
f5 big-iq_security 4.5.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_enterprise_manager 3.1.1
f5 big-iq_cloud 4.3.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-iq_device 4.5.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-iq_cloud 4.5.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_security 4.1.0
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_local_traffic_manager 10.2.0
f5 big-iq_security 4.0.0
f5 big-iq_centralized_management 4.6.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-iq_cloud 4.1.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-iq_cloud 4.4.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_enterprise_manager 3.0.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
CVE-2015-8240 MEDIUM

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_analytics 11.6.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_analytics 11.5.3
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_analytics 11.4.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_link_controller 11.4.1
f5 big-ip_protocol_security_module 11.4.1
CVE-2015-8611 HIGH

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_analytics 12.0.0
CVE-2016-0742 MEDIUM

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
redhat software_collections 1.0
f5 nginx *
debian debian_linux 7.0
canonical ubuntu_linux 14.04
apple xcode *
debian debian_linux 8.0
debian debian_linux 9.0
opensuse leap 42.1
CVE-2016-0746 HIGH

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
f5 nginx *
debian debian_linux 7.0
canonical ubuntu_linux 14.04
apple xcode *
debian debian_linux 8.0
debian debian_linux 9.0
opensuse leap 42.1
CVE-2016-0747 MEDIUM

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
f5 nginx *
debian debian_linux 7.0
canonical ubuntu_linux 14.04
apple xcode *
debian debian_linux 8.0
debian debian_linux 9.0
opensuse leap 42.1
CVE-2016-1247 HIGH

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 34
f5 nginx *
fedoraproject fedora 35
CVE-2016-1497 MEDIUM

The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manager (APM) access logs via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_protocol_security_module 11.0.0
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.0.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_global_traffic_manager 11.0.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_protocol_security_module 11.1.0
f5 big-ip_edge_gateway 11.1.0
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_wan_optimization_manager 11.1.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 11.1.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.2.1
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.0.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.1.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_wan_optimization_manager 11.0.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_link_controller 11.1.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_analytics 11.0.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_webaccelerator 11.1.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_application_security_manager 11.0.0
CVE-2016-2084 MEDIUM

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-iq_security 4.5.0
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-iq_cloud 4.3.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-iq_device 4.5.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-iq_cloud 4.5.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-iq_cloud 4.4.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
CVE-2016-3686 MEDIUM

The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 HF6 and BIG-IP Edge Gateway 11.0.0 through 11.3.0 might allow remote attackers to obtain sensitive SessionId information by leveraging access to the Location HTTP header in a redirect.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.1.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_access_policy_manager 11.0.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_edge_gateway 11.0.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_edge_gateway 11.1.0
CVE-2016-3687 MEDIUM

Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_access_policy_manager 11.5.4
CVE-2016-4450 MEDIUM

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
f5 nginx *
canonical ubuntu_linux 14.04
f5 nginx 1.11.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
CVE-2016-4545 MEDIUM

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_analytics 11.5.4
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
CVE-2016-5020 HIGH

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_link_controller 11.5.2
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_link_controller 10.2.2
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_link_controller 10.2.3
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 10.2.4
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_wan_optimization_manager 10.2.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
CVE-2016-5021 MEDIUM

The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-iq_device 4.2.0
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-iq_cloud 4.0.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-iq_security 4.5.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.5.1
f5 big-iq_cloud 4.3.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_global_traffic_manager 11.5.3
f5 big-iq_cloud 4.1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_application_security_manager 11.5.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-iq_device 4.5.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_analytics 12.0.0
f5 big-iq_cloud 4.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-iq_cloud 4.5.0
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_security 4.1.0
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-iq_security 4.0.0
f5 big-iq_centralized_management 4.6.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2016-5022 HIGH

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-iq_cloud 4.0.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.2.0
f5 big-ip_link_controller 11.5.3
f5 big-iq_security 4.5.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_edge_gateway 11.3.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-iq_cloud 4.3.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_wan_optimization_manager 11.2.0
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_access_policy_manager 11.2.0
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_edge_gateway 11.2.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_global_traffic_manager 11.2.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_security 4.4.0
f5 big-iq_cloud 4.2.0
f5 big-iq_device 4.5.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_webaccelerator 11.2.0
f5 big-ip_protocol_security_module 11.2.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-iq_cloud 4.5.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.1
f5 big-iq_security 4.1.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-iq_security 4.0.0
f5 big-iq_centralized_management 4.6.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-iq_device 4.2.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.2.1
f5 f5_iworkflow 2.0.0
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 enterprise_manager 3.1.1
f5 big-ip_application_security_manager 11.5.3
f5 big-iq_device 4.3.0
f5 big-iq_security 4.3.0
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-iq_security 4.2.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_analytics 11.4.1
f5 big-iq_cloud 4.1.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.2.0
f5 big-ip_webaccelerator 11.3.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_analytics 11.2.0
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-iq_cloud 4.4.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_analytics 11.3.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_wan_optimization_manager 11.3.0
f5 big-ip_link_controller 11.4.0
CVE-2016-5023 MEDIUM

Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics 11.5.3
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 11.4.1
CVE-2016-5024 MEDIUM

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_link_controller 11.6.1
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_analytics 11.6.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_analytics 12.1.0
f5 big-ip_analytics 12.1.1
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-5235 MEDIUM

A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 websafe_alert_server *
CVE-2016-5236 LOW

Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 websafe_alert_server *
CVE-2016-5700 HIGH

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_websafe 12.1.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_websafe 11.6.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-5736 MEDIUM

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_analytics 11.4.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2016-5745 HIGH

F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_local_traffic_manager 11.0.0
f5 big-ip_local_traffic_manager 11.1.0
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_local_traffic_manager 11.2.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
CVE-2016-6249 LOW

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_websafe 11.5.3
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_websafe 11.5.2
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_analytics 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_websafe 11.5.4
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_websafe 11.5.1
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_websafe 11.5.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_websafe 11.6.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2016-6876 MEDIUM

The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP Analytics 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP DNS 12.0.0 before HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 10.2.1 through 10.2.4 and 11.2.1; BIG-IP GTM 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 10.2.1 through 10.2.4 and 11.4.0 through 11.4.1 allows remote DNS servers to cause a denial of service (CPU consumption or Traffic Management Microkernel crash) via a crafted PTR response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_link_controller 11.5.2
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_wan_optimization_manager 10.2.2
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_link_controller 10.2.2
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_link_controller 10.2.3
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 10.2.4
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_wan_optimization_manager 10.2.3
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_wan_optimization_manager 10.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_wan_optimization_manager 10.2.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
CVE-2016-7467 LOW

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 11.5.4
CVE-2016-7468 MEDIUM

An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_analytics 11.4.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2016-7469 LOW

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_wan_optimization_manager 11.2.1
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_analytics 11.2.1
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 enterprise_manager 3.1.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_websafe 12.1.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-7472 MEDIUM

F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_security_manager 12.1.1
CVE-2016-7474 LOW

In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_analytics 12.1.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_analytics 11.2.1
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_websafe 12.1.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_websafe 12.1.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-7475 MEDIUM

Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_protocol_security_module *
CVE-2016-7476 MEDIUM

The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_global_traffic_manager 11.3.0
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_link_controller 11.3.0
f5 big-ip_local_traffic_manager 11.3.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_protocol_security_module 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_application_acceleration_manager 11.3.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_application_security_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_advanced_firewall_manager 11.3.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_access_policy_manager 11.3.0
f5 big-ip_policy_enforcement_manager 11.3.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2016-9244 MEDIUM

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_analytics 12.1.2
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_analytics 11.4.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-9245 MEDIUM

In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_analytics 12.1.1
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-9247 MEDIUM

Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_websafe 12.1.0
f5 big-ip_analytics 12.1.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_analytics 12.1.1
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-9249 HIGH

An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_websafe 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_websafe 12.1.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_analytics 12.1.0
f5 big-ip_analytics 12.1.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_analytics 12.0.0
CVE-2016-9250 MEDIUM

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_analytics 11.2.1
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_websafe 12.1.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_link_controller 11.4.0
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-9251 MEDIUM

In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_websafe 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_analytics 12.1.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_analytics 12.0.0
CVE-2016-9252 MEDIUM

The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
f5 big-ip_protocol_security_module 10.2.3
f5 big-ip_local_traffic_manager 10.2.3
f5 big-ip_link_controller 11.5.2
f5 big-ip_global_traffic_manager 10.2.1
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_protocol_security_module 10.2.2
f5 big-ip_application_security_manager 10.2.3
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_local_traffic_manager 10.2.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 10.2.1
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 10.2.1
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_edge_gateway 10.2.3
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_access_policy_manager 10.2.2
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_webaccelerator 10.2.4
f5 big-ip_link_controller 10.2.2
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 10.2.2
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_link_controller 10.2.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_analytics 12.1.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.1
f5 big-ip_webaccelerator 10.2.2
f5 big-ip_link_controller 10.2.3
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_link_controller 10.2.4
f5 big-ip_webaccelerator 10.2.1
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 10.2.4
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_analytics 11.2.1
f5 big-ip_access_policy_manager 10.2.3
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_webaccelerator 10.2.3
f5 big-ip_global_traffic_manager 10.2.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 10.2.2
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_protocol_security_module 10.2.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_local_traffic_manager 10.2.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_websafe 12.1.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-ip_analytics 12.0.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_application_security_manager 10.2.4
f5 big-ip_websafe 12.1.0
f5 big-ip_global_traffic_manager 10.2.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_edge_gateway 10.2.1
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_protocol_security_module 10.2.4
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_global_traffic_manager 10.2.4
f5 big-ip_link_controller 11.4.0
f5 big-ip_edge_gateway 10.2.4
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-9253 MEDIUM

In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_analytics 12.1.1
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2016-9256 MEDIUM

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_websafe 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_analytics 12.1.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_analytics 12.0.0
CVE-2016-9257 MEDIUM

In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_access_policy_manager 12.1.0
CVE-2017-0301 MEDIUM

In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 11.5.4
CVE-2017-0302 LOW

In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.

CVSS 2.0

Severity: LOW

Problem Type: CWE-118,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_access_policy_manager 12.1.0
CVE-2017-0303 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-459,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.5.5
f5 big-ip_advanced_firewall_manager 11.5.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.5.5
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_link_controller 11.5.5
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_application_security_manager 11.5.5
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_local_traffic_manager 11.5.5
f5 big-ip_access_policy_manager 11.5.5
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_websafe 1.0.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-0304 MEDIUM

A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-0305 HIGH

F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 ssl_intercept_iapp 1.5.0
f5 ssl_intercept_iapp 1.5.7
CVE-2017-18017 HIGH

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux_desktop 6.0
arista eos 4.20.1fx-virtual-router
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.4
suse linux_enterprise_software_development_kit 11
f5 arx *
opensuse leap 42.3
redhat enterprise_linux_workstation 7.0
suse linux_enterprise_workstation_extension 12
canonical ubuntu_linux 14.04
debian debian_linux 8.0
suse linux_enterprise_module_for_public_cloud 12
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 12
suse linux_enterprise_real_time_extension 12
redhat enterprise_linux_server 6.0
suse linux_enterprise_live_patching 12
suse caas_platform *
suse linux_enterprise_high_availability 12
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_tus 7.4
suse linux_enterprise_server 12
linux linux_kernel *
suse linux_enterprise_software_development_kit 12
suse openstack_cloud 6
suse linux_enterprise_high_availability_extension 11
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_eus 7.7
openstack cloud_magnum_orchestration 7
redhat mrg_realtime 2.0
redhat enterprise_linux_for_real_time_for_nfv 7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.3
suse linux_enterprise_real_time_extension 11
arista eos *
suse linux_enterprise_server 11
redhat enterprise_linux_eus 7.4
suse linux_enterprise_point_of_sale 11
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 7.3
debian debian_linux 7.0
redhat enterprise_linux_for_real_time 7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.7
CVE-2017-20005 HIGH

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-120,CWE-190,

Products Affected

Vendor Product Version
f5 nginx *
debian debian_linux 9.0
CVE-2017-6128 MEDIUM

An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-iq_security 4.5.0
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.4.1
f5 big-ip_analytics 11.5.1
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_application_security_manager 11.4.1
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-iq_security 4.4.0
f5 big-iq_device 4.5.0
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.4.0
f5 big-ip_application_security_manager 11.5.2
f5 big-iq_application_delivery_controller 4.5.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_analytics 11.6.0
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-iq_cloud 4.5.0
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_link_controller 11.5.4
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager 11.4.0
f5 big-iq_centralized_management 4.6.0
f5 big-ip_link_controller 11.4.1
f5 big-ip_websafe 11.6.0
f5 big-ip_local_traffic_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_analytics 11.2.1
f5 f5_iworkflow 2.0.0
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 enterprise_manager 3.1.1
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_access_policy_manager 11.4.1
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_analytics 11.4.0
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_analytics 11.4.1
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_security_manager 11.5.0
f5 big-iq_device 4.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_local_traffic_manager 11.4.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.4.1
f5 big-iq_cloud 4.4.0
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_application_security_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_protocol_security_module 11.4.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 11.4.0
CVE-2017-6129 HIGH

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 13.0.0
CVE-2017-6130 MEDIUM

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
f5 ssl_intercept_iapp 1.5.0
f5 ssl_orchestrator 2.0
f5 ssl_intercept_iapp 1.5.7
CVE-2017-6131 HIGH

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_websafe 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_websafe 13.0.0
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6132 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_link_controller 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager *
f5 big-ip_dns 11.5.0
f5 big-ip_analytics 11.5.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_acceleration_manager *
f5 big-ip_dns 11.5.3
f5 big-ip_analytics *
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_analytics 13.0.0
f5 big-ip_websafe 11.5.3
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_websafe 11.5.2
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_analytics 11.5.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_dns 11.5.4
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_dns 11.5.2
f5 big-ip_dns 11.5.1
f5 big-ip_global_traffic_manager *
f5 big-ip_dns *
f5 big-ip_access_policy_manager *
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_websafe 11.5.4
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_websafe 11.5.1
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.5.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2017-6133 HIGH

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6134 LOW

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6135 HIGH

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,

Products Affected

Vendor Product Version
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_dns 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_analytics 13.0.0
f5 big-ip_websafe 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager 13.0.0
CVE-2017-6136 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6137 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_link_controller 11.6.1
f5 big-ip_websafe 12.0.0
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_analytics 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_analytics 11.6.1
f5 big-ip_link_controller 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_websafe 11.6.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_analytics 12.1.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6138 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6139 MEDIUM

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 13.0.0
CVE-2017-6140 MEDIUM

On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_dns 11.5.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_analytics 11.5.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_global_traffic_manager 12.0.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_dns 11.5.3
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_dns 11.5.4
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_dns 12.1.1
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_dns 11.5.2
f5 big-ip_dns 11.5.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_analytics 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_analytics 12.1.2
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_analytics 11.6.1
f5 big-ip_dns 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_dns 11.6.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_dns 12.1.0
f5 big-ip_dns 12.1.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_dns 12.0.0
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_analytics 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.5.0
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6141 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6142 MEDIUM

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
CVE-2017-6143 MEDIUM

X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_security_manager *
CVE-2017-6144 MEDIUM

In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
CVE-2017-6145 HIGH

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-613,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_analytics 12.1.2
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_websafe 13.0.0
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_analytics 13.0.0
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_analytics 12.1.1
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6147 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_websafe 12.1.2
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_analytics 12.1.2
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_websafe 13.0.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_analytics 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6148 MEDIUM

Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6150 HIGH

Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6151 HIGH

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_websafe 13.0.0
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_dns 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6152 LOW

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2017-6153 MEDIUM

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_edge_gateway 13.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_webaccelerator 13.1.0
f5 big-ip_webaccelerator *
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_analytics 13.1.0
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_fraud_protection_service 11.2.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6154 MEDIUM

On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
CVE-2017-6155 MEDIUM

On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_protocol_security_module 13.0.0
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_protocol_security_module *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_websafe 11.2.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_advanced_firewall_manager *
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_protocol_security_module 11.2.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6156 MEDIUM

When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 11.6.1
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_application_security_manager *
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_domain_name_system *
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_websafe *
f5 big-ip_analytics 11.6.1
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics *
f5 big-ip_websafe 11.2.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_websafe 11.6.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_webaccelerator 11.6.1
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_advanced_firewall_manager *
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_edge_gateway 11.6.1
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_policy_enforcement_manager 11.6.1
CVE-2017-6157 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_websafe 12.0.0
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_application_security_manager *
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_websafe 12.1.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_link_controller 11.6.0
f5 big-ip_websafe 11.6.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_websafe 11.6.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6158 MEDIUM

In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics *
f5 big-ip_websafe 11.2.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_advanced_firewall_manager *
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
CVE-2017-6159 MEDIUM

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_link_controller 11.6.0
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_websafe 1.0.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6160 MEDIUM

In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 11.4.1
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.4.0
f5 big-ip_policy_enforcement_manager 11.4.1
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_application_acceleration_manager 11.5.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.5
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_policy_enforcement_manager 11.4.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_policy_enforcement_manager 11.6.1
CVE-2017-6161 LOW

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

CVSS 2.0

Severity: LOW

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager *
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_global_traffic_manager 12.0.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_webaccelerator 11.5.1
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_edge_gateway 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_global_traffic_manager 11.4.0
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_webaccelerator 11.5.2
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_edge_gateway 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_edge_gateway 12.1.2
f5 big-ip_edge_gateway 11.5.2
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_link_controller 11.2.1
f5 big-ip_edge_gateway 11.4.0
f5 big-ip_edge_gateway 11.5.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_webaccelerator 11.4.1
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_edge_gateway 11.5.3
f5 big-ip_edge_gateway 11.6.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway 11.5.4
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_webaccelerator 11.4.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_webaccelerator 11.6.2
f5 big-ip_webaccelerator 12.1.0
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_webaccelerator 11.5.5
f5 big-ip_domain_name_system *
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_global_traffic_manager 11.4.1
f5 big-ip_edge_gateway 12.0.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_edge_gateway 11.5.5
f5 big-ip_domain_name_system 11.6.0
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_webaccelerator 12.1.1
f5 big-ip_edge_gateway 11.4.1
f5 big-ip_access_policy_manager *
f5 big-ip_webaccelerator 11.6.0
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_webaccelerator 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_webaccelerator 11.5.4
f5 big-ip_webaccelerator 12.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_link_controller 11.6.0
f5 big-ip_webaccelerator 11.5.0
f5 big-ip_webaccelerator 11.5.3
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_webaccelerator 11.6.1
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_edge_gateway 11.6.1
f5 big-ip_edge_gateway 11.5.0
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6162 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager *
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_link_controller 11.6.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_websafe 1.0.0
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6163 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_application_security_manager *
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_protocol_security_module 12.1.1
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_protocol_security_module 12.1.0
f5 big-ip_access_policy_manager *
f5 big-ip_protocol_security_module 11.6.1
f5 big-ip_protocol_security_module 12.1.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller 12.1.2
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_protocol_security_module 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_link_controller 11.6.0
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_protocol_security_module 11.6.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6164 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_link_controller 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_local_traffic_manager 11.5.0
f5 big-ip_analytics 11.5.2
f5 big-ip_application_security_manager *
f5 big-ip_dns 11.5.0
f5 big-ip_analytics 11.5.0
f5 big-ip_webaccelerator *
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_link_controller 11.5.3
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 11.5.1
f5 big-ip_dns 11.5.3
f5 big-ip_analytics *
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_websafe 11.5.3
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_websafe 11.5.2
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_analytics 11.5.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_dns 11.5.4
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_webaccelerator 11.5.2
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_application_security_manager 11.5.0
f5 big-ip_access_policy_manager 11.5.0
f5 big-ip_dns 11.5.2
f5 big-ip_dns 11.5.1
f5 big-ip_global_traffic_manager *
f5 big-ip_dns *
f5 big-ip_access_policy_manager *
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_websafe 13.0.0
f5 big-ip_edge_gateway 11.5.2
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.5.0
f5 big-ip_websafe 11.5.4
f5 big-ip_webaccelerator 11.5.4
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_websafe 11.5.1
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager 11.5.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_edge_gateway 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.5.0
f5 big-ip_webaccelerator 11.5.0
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_webaccelerator 11.5.3
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 11.5.0
f5 big-ip_link_controller 11.5.0
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_edge_gateway 11.5.3
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway 11.5.4
f5 big-ip_dns 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_edge_gateway 11.5.0
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 11.5.0
CVE-2017-6165 MEDIUM

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 11.5.2
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_access_policy_manager 11.5.3
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_application_security_manager 12.0.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_link_controller 11.5.3
f5 big-ip_global_traffic_manager 12.0.0
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_domain_name_system 11.5.3
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_global_traffic_manager 11.5.2
f5 big-ip_websafe 11.5.2
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_analytics 11.5.1
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_application_security_manager 11.5.2
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_domain_name_system 11.5.1
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_local_traffic_manager 11.6.0
f5 big-ip_analytics 11.6.1
f5 big-ip_websafe 11.5.1
f5 big-ip_analytics 11.6.0
f5 big-ip_application_acceleration_manager 11.5.2
f5 big-ip_analytics 11.5.3
f5 big-ip_application_security_manager 11.5.1
f5 big-ip_websafe 12.1.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_websafe 11.6.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 11.5.1
f5 big-ip_global_traffic_manager 11.6.0
f5 big-ip_application_acceleration_manager 11.5.3
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_link_controller 11.5.4
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.6.0
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_websafe 11.6.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_advanced_firewall_manager 11.5.1
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_websafe 12.0.0
f5 big-ip_analytics 11.5.2
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_domain_name_system 11.5.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_application_security_manager 11.5.3
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_analytics 12.2.0
f5 big-ip_websafe 11.5.3
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_global_traffic_manager 11.5.1
f5 big-ip_application_acceleration_manager 11.5.1
f5 big-ip_domain_name_system 11.6.0
f5 big-ip_access_policy_manager 11.5.2
f5 big-ip_application_acceleration_manager 11.6.0
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_link_controller 12.1.1
f5 big-ip_websafe 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_analytics 12.0.0
f5 big-ip_policy_enforcement_manager 11.5.3
f5 big-ip_analytics 11.5.4
f5 big-ip_link_controller 11.5.1
f5 big-ip_policy_enforcement_manager 11.5.2
f5 big-ip_websafe 12.1.0
f5 big-ip_local_traffic_manager 11.5.3
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_websafe 11.5.4
f5 big-ip_policy_enforcement_manager 11.5.1
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_domain_name_system 11.5.4
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_advanced_firewall_manager 11.5.2
f5 big-ip_advanced_firewall_manager 11.5.3
f5 big-ip_link_controller 11.6.0
f5 big-ip_local_traffic_manager 11.5.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_access_policy_manager 11.5.1
f5 big-ip_link_controller 12.0.0
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2017-6166 MEDIUM

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_dns *
f5 f5_websafe *
f5 big-ip_apm *
f5 big-ip_ltm *
f5 big-ip_pem *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_asm *
f5 linerate *
f5 big-ip_afm *
CVE-2017-6167 HIGH

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2017-6168 MEDIUM

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
f5 big-ip_apm *
f5 websafe *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_apm 13.0.0
f5 big-ip_asm *
f5 big-ip_ltm 13.0.0
f5 big-ip_afm *
f5 big-ip_link_controller *
f5 big-ip_ltm *
f5 big-ip_pem 13.0.0
f5 big-ip_asm 13.0.0
f5 big-ip_pem *
f5 big-ip_application_acceleration_manager *
f5 websafe 11.6.2
f5 big-ip_analytics *
f5 big-ip_afm 13.0.0
f5 big-ip_analytics 13.0.0
f5 websafe 13.0.0
CVE-2017-6169 MEDIUM

In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager 11.6.0
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_policy_enforcement_manager 13.0.0
CVE-2017-7529 MEDIUM

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
f5 nginx *
apple xcode *
puppet puppet_enterprise *
CVE-2018-12207 MEDIUM

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
intel core_i5-10210u_firmware -
intel xeon_e3-1230_v5_firmware -
intel xeon_e5-2643_v4_firmware -
intel xeon_e7-2890_v2_firmware -
intel xeon_e7-8891_v3_firmware -
intel xeon_lc3528_firmware -
intel xeon_e3-1241_v3_firmware -
intel core_i7-7560u_firmware -
intel xeon_e3-1226_v3_firmware -
intel xeon_e5620_firmware -
intel xeon_e5-4610_v3_firmware -
intel core_i3-8350k_firmware -
intel xeon_5110_firmware -
intel xeon_e5-1630_v3_firmware -
intel xeon_e5607_firmware -
intel xeon_e5-2630l_v2_firmware -
intel xeon_e3-1565l_v5_firmware -
intel core_i5-1035g4_firmware -
intel xeon_e-2274g_firmware -
intel xeon_e5320_firmware -
intel xeon_e5-4640_v4_firmware -
intel xeon_l7555_firmware -
intel core_i5-9500t_firmware -
intel xeon_e3-1558l_v5_firmware -
intel xeon_e3-1280_v6_firmware -
intel celeron_g4930_firmware -
intel xeon_w-2135_firmware -
intel xeon_e5540_firmware -
intel xeon_e3-1535m_v5_firmware -
intel xeon_e5-1660_v4_firmware -
intel xeon_w-2245_firmware -
intel core_i5-8500b_firmware -
intel xeon_silver_4210_firmware -
intel xeon_w-3245_firmware -
intel xeon_e5-2407_v2_firmware -
intel core_i5-7400t_firmware -
intel xeon_w-2295_firmware -
intel xeon_e-2134_firmware -
intel xeon_x3330_firmware -
intel xeon_7040_firmware -
intel xeon_gold_6240m_firmware -
intel xeon_platinum_9221_firmware -
intel core_i7-9700k_firmware -
intel xeon_e-2126g_firmware -
intel xeon_d-1529_firmware -
intel xeon_e5-2440_v2_firmware -
intel xeon_e5-1630_v4_firmware -
intel xeon_d-1637_firmware -
intel xeon_e5-2603_v4_firmware -
intel xeon_e5503_firmware -
intel xeon_silver_4208_firmware -
intel xeon_x3220_firmware -
intel xeon_e5-2450l_v2_firmware -
intel xeon_x5365_firmware -
intel xeon_e3-1220_v6_firmware -
intel core_m3-6y30_firmware -
intel xeon_e5-2680_v2_firmware -
intel xeon_7110n_firmware -
intel xeon_platinum_8268_firmware -
intel core_i5-8700b_firmware -
intel xeon_d-1571_firmware -
intel pentium_gold_g5420t_firmware -
intel celeron_g4930t_firmware -
intel xeon_x3210_firmware -
intel xeon_l7445_firmware -
intel xeon_e5-4603_v2_firmware -
intel xeon_w-3265m_firmware -
intel xeon_d-1567_firmware -
intel core_i7-7820x_firmware -
intel xeon_e-2124_firmware -
intel core_i7-10710u_firmware -
intel xeon_e7-8895_v2_firmware -
intel xeon_e3-1270_v6_firmware -
intel xeon_e5-2623_v4_firmware -
intel core_i5-8200y_firmware -
intel core_i7-8559u_firmware -
intel xeon_gold_6222v_firmware -
intel xeon_e5-4669_v4_firmware -
intel core_i7-6560u_firmware -
intel core_i3-6100u_firmware -
intel xeon_l5506_firmware -
intel xeon_x5260_firmware -
intel core_i5-8300h_firmware -
intel core_i3-8145u_firmware -
intel xeon_lv_5148_firmware -
intel xeon_platinum_8260m_firmware -
intel xeon_gold_5218n_firmware -
intel core_i3-5157u_firmware -
debian debian_linux 9.0
intel core_i7-7800x_firmware -
intel celeron_g4900_firmware -
intel core_i9-7900x_firmware -
intel xeon_w-3245m_firmware -
intel core_i5-6260u_firmware -
intel core_i7-9850h_firmware -
intel xeon_d-2145nt_firmware -
intel xeon_5120_firmware -
intel core_i3-8100_firmware -
intel xeon_e5-2667_v2_firmware -
intel xeon_gold_5222_firmware -
intel celeron_g4932e_firmware -
intel xeon_e7-8893_v3_firmware -
intel xeon_e3-1220l_v3_firmware -
intel core_i3-7167u_firmware -
intel xeon_x5355_firmware -
intel xeon_gold_6248_firmware -
intel xeon_d-2183it_firmware -
intel core_i3-5010u_firmware -
intel xeon_e3-1230l_v3_firmware -
intel xeon_x5680_firmware -
intel xeon_bronze_3204_firmware -
intel xeon_platinum_8270_firmware -
intel celeron_g1840t_firmware -
intel xeon_gold_6252n_firmware -
intel xeon_e5603_firmware -
intel celeron_g3930t_firmware -
opensuse leap 15.1
intel xeon_l7455_firmware -
intel xeon_d-1553n_firmware -
intel xeon_d-1541_firmware -
intel xeon_ec5549_firmware -
intel pentium_gold_4425y_firmware -
intel core_m-5y10c_firmware -
intel xeon_e6540_firmware -
intel xeon_e5-2403_v2_firmware -
intel celeron_g4920_firmware -
intel xeon_e5-4640_v2_firmware -
intel xeon_e7-8890_v3_firmware -
intel core_i5-9400t_firmware -
intel core_i9-7940x_firmware -
intel core_i9-10920x_x-series_firmware -
intel xeon_5160_firmware -
intel xeon_d-2161i_firmware -
intel xeon_e7-2850_v2_firmware -
intel xeon_e-2234_firmware -
intel xeon_w-2125_firmware -
intel xeon_5050_firmware -
intel core_i7-5950hq_firmware -
intel xeon_e5-2683_v3_firmware -
intel xeon_e-2124g_firmware -
intel celeron_g3950_firmware -
intel core_i3-7300_firmware -
intel xeon_e5-2680_v3_firmware -
intel xeon_w3530_firmware -
intel xeon_e5-1660_v2_firmware -
intel xeon_e3-1281_v3_firmware -
intel xeon_l5430_firmware -
intel xeon_e7-4860_v2_firmware -
intel xeon_e5-2620_v4_firmware -
intel core_i5-5200u_firmware -
intel xeon_5070_firmware -
intel xeon_e5-2637_v4_firmware -
intel xeon_e7430_firmware -
intel xeon_w3580_firmware -
intel xeon_x3350_firmware -
canonical ubuntu_linux 14.04
oracle solaris 11
intel core_i7-6820hk_firmware -
intel xeon_e7520_firmware -
intel xeon_e5-4650_v3_firmware -
intel core_i5-7500t_firmware -
intel celeron_g1850_firmware -
intel xeon_ec3539_firmware -
intel xeon_e3-1271_v3_firmware -
intel xeon_l5609_firmware -
intel core_i3-8100t_firmware -
intel xeon_w3540_firmware -
intel xeon_gold_6230n_firmware -
intel xeon_e3-1276_v3_firmware -
intel core_m-5y70_firmware -
intel xeon_x5460_firmware -
intel xeon_l5420_firmware -
intel core_i9-10900x_x-series_firmware -
intel xeon_e5-2420_v2_firmware -
intel xeon_e5630_firmware -
intel xeon_5063_firmware -
intel core_m-5y51_firmware -
intel xeon_gold_5217_firmware -
intel xeon_e5-2640_v3_firmware -
intel xeon_w-3225_firmware -
intel xeon_e3-1246_v3_firmware -
intel core_i7-8705g_firmware -
intel xeon_e-2244g_firmware -
intel celeron_g4950_firmware -
intel pentium_gold_4417u_firmware -
intel xeon_w-2195_firmware -
intel xeon_l5310_firmware -
fedoraproject fedora 30
intel celeron_g3900te_firmware -
intel celeron_g3900_firmware -
intel xeon_e3-1505m_v5_firmware -
intel xeon_gold_6244_firmware -
intel xeon_e-2224g_firmware -
intel core_i5-10310y_firmware -
intel xeon_e5504_firmware -
intel core_i9-10940x_x-series_firmware -
intel xeon_e5-2603_v2_firmware -
intel xeon_e5-2699_v4_firmware -
intel celeron_g1820t_firmware -
redhat enterprise_linux_server_aus 7.6
intel xeon_silver_4214y_firmware -
intel xeon_w3550_firmware -
intel xeon_e7-4890_v2_firmware -
intel xeon_e3-1575m_v5_firmware -
intel xeon_w-2275_firmware -
intel core_i9-9900x_x-series_firmware -
intel xeon_l5335_firmware -
intel xeon_gold_5218_firmware -
intel xeon_l5630_firmware -
intel xeon_e3-1265l_v3_firmware -
intel xeon_gold_6242_firmware -
fedoraproject fedora 31
intel xeon_e3-1245_v5_firmware -
f5 big-ip_application_security_manager *
intel celeron_g1620_firmware -
intel xeon_e7-8893_v4_firmware -
intel xeon_w5580_firmware -
intel core_i7-9700_firmware -
intel xeon_e5-1680_v4_firmware -
intel xeon_e5-4660_v3_firmware -
intel xeon_e5-2628l_v4_firmware -
intel xeon_e7-4880_v2_firmware -
intel xeon_gold_5215l_firmware -
intel core_i5-6287u_firmware -
intel xeon_l5508_firmware -
intel xeon_gold_5218b_firmware -
intel xeon_e5-2650l_v2_firmware -
intel xeon_ec5539_firmware -
intel celeron_g3930_firmware -
intel core_i3-9300t_firmware -
intel xeon_7130n_firmware -
intel core_i3-8109u_firmware -
intel xeon_platinum_8276_firmware -
intel xeon_e5-2650_v4_firmware -
intel xeon_x5670_firmware -
intel xeon_platinum_8280_firmware -
intel xeon_e5-1620_v3_firmware -
intel xeon_w-3223_firmware -
intel xeon_e3-1275_v3_firmware -
intel xeon_x5570_firmware -
intel xeon_e6510_firmware -
intel core_m3-6y54_firmware -
intel celeron_g4930e_firmware -
intel celeron_g3900e_firmware -
intel xeon_x5470_firmware -
intel xeon_e5-4620_v3_firmware -
intel xeon_e5-1620_v4_firmware -
intel xeon_l7345_firmware -
intel xeon_e5205_firmware -
intel core_i3-5015u_firmware -
intel xeon_platinum_8276m_firmware -
intel xeon_e5-2630l_v4_firmware -
intel core_i3-9100_firmware -
intel xeon_e5-2667_v4_firmware -
intel xeon_5030_firmware -
intel core_i7-7920hq_firmware -
intel xeon_d-1539_firmware -
intel xeon_x5560_firmware -
intel xeon_x3470_firmware -
intel celeron_g1630_firmware -
intel xeon_e5-2683_v4_firmware -
intel xeon_platinum_8280m_firmware -
intel xeon_e5-4620_v4_firmware -
intel xeon_x5647_firmware -
f5 big-iq_centralized_management 7.0.0
f5 enterprise_manager 3.1.1
intel core_i5-7600k_firmware -
intel xeon_e5-2670_v2_firmware -
intel xeon_l5318_firmware -
intel pentium_gold_g5500_firmware -
intel xeon_d-1513n_firmware -
intel xeon_e5-4650_v2_firmware -
intel xeon_x5660_firmware -
intel core_i9-7960x_firmware -
intel xeon_5080_firmware -
intel core_i7-5500u_firmware -
intel xeon_platinum_8256_firmware -
intel xeon_lc5528_firmware -
intel xeon_l3110_firmware -
intel xeon_w-2265_firmware -
intel core_i3-6100h_firmware -
intel core_i5-7300hq_firmware -
intel core_i9-9920x_x-series_firmware -
intel core_i5-8265u_firmware -
intel core_i5-6200u_firmware -
intel celeron_g3920_firmware -
intel xeon_w-3265_firmware -
intel xeon_e7440_firmware -
intel xeon_7130m_firmware -
intel core_i7-10510u_firmware -
intel xeon_e5-1650_v2_firmware -
intel xeon_7020_firmware -
intel xeon_e5-2640_v4_firmware -
intel core_i3-5020u_firmware -
intel xeon_e-2136_firmware -
intel xeon_e5420_firmware -
intel xeon_ec5509_firmware -
intel core_i7-8706g_firmware -
intel core_i5-6300hq_firmware -
f5 big-ip_policy_enforcement_manager *
intel xeon_e7540_firmware -
intel xeon_d-2191_firmware -
intel core_i5-8400b_firmware -
intel xeon_e5-2630_v4_firmware -
intel xeon_e5-4610a_v4_firmware -
intel xeon_d-2141i_firmware -
intel xeon_e5-2687w_v3_firmware -
intel xeon_d-1557_firmware -
intel xeon_w-2225_firmware -
intel xeon_e7310_firmware -
intel core_i7-7700k_firmware -
intel xeon_x5690_firmware -
intel xeon_e3-1220_v3_firmware -
intel xeon_e5-4620_v2_firmware -
intel core_i7-7700t_firmware -
intel xeon_e7-4850_v4_firmware -
intel xeon_e3-1585l_v5_firmware -
intel core_i7-9750h_firmware -
intel celeron_g3930te_firmware -
intel xeon_e7-8880_v3_firmware -
intel xeon_7140n_firmware -
intel xeon_l5410_firmware -
intel xeon_gold_6240y_firmware -
intel core_m-5y10a_firmware -
intel core_i5-7287u_firmware -
intel xeon_d-1577_firmware -
intel xeon_e7-4830_v4_firmware -
intel xeon_e7-4820_v2_firmware -
intel xeon_gold_6262v_firmware -
intel core_i5-6267u_firmware -
intel xeon_x3230_firmware -
intel xeon_e5-2687w_v2_firmware -
intel xeon_silver_4215_firmware -
intel xeon_e3-1230_v6_firmware -
intel xeon_3065_firmware -
intel xeon_gold_6230_firmware -
intel xeon_d-2166nt_firmware -
intel xeon_e5530_firmware -
intel xeon_d-1623n_firmware -
intel xeon_7120m_firmware -
intel xeon_lv_5128_firmware -
intel xeon_e5410_firmware -
intel core_i9-9980xe_firmware -
intel xeon_e7-8867_v4_firmware -
intel xeon_platinum_9242_firmware -
intel xeon_3040_firmware -
intel xeon_e5-4655_v4_firmware -
intel core_i3-10110u_firmware -
intel xeon_l5408_firmware -
intel xeon_l5618_firmware -
intel xeon_platinum_8260_firmware -
intel xeon_w-2255_firmware -
intel xeon_e3-1275_v5_firmware -
intel core_i5-7360u_firmware -
intel xeon_e5-1680_v3_firmware -
intel xeon_e5-2698_v4_firmware -
intel xeon_e5506_firmware -
intel xeon_x5672_firmware -
redhat enterprise_linux_server 7.0
intel core_m-5y71_firmware -
intel core_i7-9700t_firmware -
intel xeon_e5-2699a_v4_firmware -
intel pentium_gold_g5420_firmware -
intel xeon_d-1622_firmware -
intel xeon_platinum_8280l_firmware -
intel xeon_l5240_firmware -
intel xeon_x5270_firmware -
intel xeon_e5220_firmware -
intel core_i3-9300_firmware -
intel xeon_e5240_firmware -
intel core_i7-7567u_firmware -
intel celeron_g1610_firmware -
intel xeon_x3450_firmware -
intel core_i5-9600_firmware -
intel xeon_w-2133_firmware -
intel core_i3-7100h_firmware -
intel xeon_e3-1505m_v6_firmware -
intel core_i9-9940x_x-series_firmware -
intel xeon_x5667_firmware -
intel core_i7-5557u_firmware -
f5 big-ip_global_traffic_manager *
intel core_i5-8350u_firmware -
intel core_i3-7100_firmware -
intel xeon_e3-1231_v3_firmware -
intel xeon_d-1653n_firmware -
intel xeon_e5-2648l_v4_firmware -
intel xeon_7030_firmware -
intel celeron_g1620t_firmware -
intel xeon_e7-4809_v3_firmware -
intel core_i7-7820hq_firmware -
intel xeon_gold_6238t_firmware -
intel core_i5-8250u_firmware -
intel xeon_gold_6240_firmware -
intel xeon_e3-1225_v3_firmware -
intel celeron_g1820te_firmware -
intel xeon_x3480_firmware -
intel xeon_d-2177nt_firmware -
intel xeon_e5-2697_v2_firmware -
intel xeon_e5-4660_v4_firmware -
intel core_i5-9400_firmware -
intel xeon_e5472_firmware -
intel xeon_7140m_firmware -
intel pentium_gold_g5500t_firmware -
intel core_i5-7260u_firmware -
intel core_i7-5850hq_firmware -
intel xeon_d-1518_firmware -
intel core_i3-8300_firmware -
intel xeon_x5450_firmware -
intel xeon_platinum_8260l_firmware -
intel core_i5-1035g1_firmware -
intel xeon_x5687_firmware -
intel xeon_3060_firmware -
intel xeon_w-3175x_firmware -
intel core_i5-6350hq_firmware -
intel xeon_e7320_firmware -
intel xeon_e5-1660_v3_firmware -
intel xeon_e5-2670_v3_firmware -
intel xeon_e5-2680_v4_firmware -
intel core_i7-8565u_firmware -
intel core_i7-8750h_firmware -
intel xeon_e5-1620_v2_firmware -
intel xeon_7120n_firmware -
intel xeon_d-1523n_firmware -
intel xeon_e5-1650_v3_firmware -
intel xeon_e3-1535m_v6_firmware -
intel xeon_5040_firmware -
intel xeon_5060_firmware -
intel xeon_e3-1280_v5_firmware -
intel core_i5-9600k_firmware -
intel xeon_e7450_firmware -
intel xeon_e5-2620_v2_firmware -
intel xeon_e7-8893_v2_firmware -
intel core_i7-8086k_firmware -
intel xeon_e5-2470_v2_firmware -
intel xeon_e7-8850_v2_firmware -
intel xeon_e3-1245_v6_firmware -
intel xeon_w-2145_firmware -
intel xeon_e7-4809_v4_firmware -
intel core_i5+8500_firmware -
intel xeon_e5-2643_v2_firmware -
intel xeon_d-1527_firmware -
intel xeon_e5-2660_v2_firmware -
intel xeon_e3-1240l_v3_firmware -
intel celeron_g4900t_firmware -
intel core_i7-6970hq_firmware -
redhat enterprise_linux_server_tus 7.7
intel xeon_d-2123it_firmware -
intel xeon_e3-1275_v6_firmware -
intel xeon_e7-8880l_v2_firmware -
intel core_i7-6770hq_firmware -
intel xeon_d-2146nt_firmware -
intel xeon_d-1633n_firmware -
intel xeon_x7460_firmware -
f5 big-ip_analytics *
intel xeon_l3426_firmware -
intel xeon_w3570_firmware -
intel xeon_e5-2695_v2_firmware -
intel celeron_g1610t_firmware -
intel xeon_e-2286g_firmware -
intel xeon_e7340_firmware -
intel pentium_gold_4415u_firmware -
intel xeon_gold_5215_firmware -
intel core_i3-9100t_firmware -
intel xeon_x7350_firmware -
intel xeon_d-1520_firmware -
intel xeon_e3-1225_v6_firmware -
intel xeon_platinum_8260y_firmware -
intel core_i5-8269u_firmware -
intel xeon_e5462_firmware -
intel xeon_e5-4640_v3_firmware -
intel xeon_e7-8870_v4_firmware -
intel xeon_gold_6240l_firmware -
intel xeon_l5238_firmware -
intel core_i9-7980xe_firmware -
intel core_m-5y10_firmware -
intel xeon_e5-2650l_v4_firmware -
intel xeon_e7-8880_v2_firmware -
intel core_i7-8650u_firmware -
intel xeon_gold_6238l_firmware -
intel xeon_e3110_firmware -
intel xeon_e5-4627_v4_firmware -
intel xeon_e5-2697a_v4_firmware -
intel xeon_e7-4820_v4_firmware -
intel xeon_e5-2630_v3_firmware -
intel xeon_e5-2660_v4_firmware -
intel celeron_g1830_firmware -
intel pentium_gold_4415y_firmware -
intel xeon_e5345_firmware -
intel core_i3-8300t_firmware -
f5 big-ip_local_traffic_manager *
intel xeon_d-1543n_firmware -
intel xeon_w-2175_firmware -
intel xeon_e-2236_firmware -
intel xeon_e5-2430_v2_firmware -
intel core_i5-9300h_firmware -
intel xeon_x5677_firmware -
intel xeon_l7545_firmware -
intel xeon_e7-4870_v2_firmware -
intel xeon_e-2104g_firmware -
intel xeon_e7-2880_v2_firmware -
intel xeon_e-2176g_firmware -
intel core_i3-7100t_firmware -
intel core_i7-8809g_firmware -
intel xeon_x3320_firmware -
intel xeon_e7-8857_v2_firmware -
intel core_m-5y31_firmware -
intel xeon_e3-1545m_v5_firmware -
intel xeon_e7220_firmware -
intel xeon_e5-2667_v3_firmware -
intel xeon_x5272_firmware -
intel xeon_l5520_firmware -
intel xeon_e5430_firmware -
intel xeon_e7-8855_v4_firmware -
intel xeon_platinum_8253_firmware -
intel core_i5-5250u_firmware -
intel xeon_gold_6254_firmware -
intel xeon_x5482_firmware -
intel xeon_e-2226g_firmware -
intel core_i5-5287u_firmware -
intel xeon_7041_firmware -
intel pentium_gold_g5400t_firmware -
intel xeon_x5472_firmware -
intel core_i7-6567u_firmware -
intel core_i5-7200u_firmware -
intel xeon_e5-2603_v3_firmware -
intel xeon_e7-8860_v3_firmware -
intel xeon_e3-1515m_v5_firmware -
intel xeon_gold_5215m_firmware -
intel xeon_e5-2643_v3_firmware -
intel xeon_gold_5220t_firmware -
intel xeon_w3670_firmware -
intel xeon_7110m_firmware -
intel xeon_l3014_firmware -
redhat enterprise_linux_server_eus 7.6
intel xeon_e5-2697_v3_firmware -
intel xeon_e7-8870_v3_firmware -
intel xeon_e7-4830_v2_firmware -
intel xeon_lv_5133_firmware -
intel xeon_w3565_firmware -
intel core_i7-7820hk_firmware -
intel xeon_e5-1650_v4_firmware -
intel xeon_e7-8891_v4_firmware -
intel core_i5-8400t_firmware -
intel pentium_gold_g5600t_firmware -
intel xeon_e3-1240_v6_firmware -
intel core_i3-7320_firmware -
intel core_i3-6100_firmware -
intel xeon_e5-2687w_v4_firmware -
intel core_i5-7600t_firmware -
intel xeon_e5-2695_v3_firmware -
intel xeon_7150n_firmware -
intel xeon_d-1537_firmware -
intel xeon_e7-4850_v2_firmware -
intel xeon_d-2143it_firmware -
intel xeon_e5-4607_v2_firmware -
intel xeon_e3-1285l_v4_firmware -
f5 big-ip_fraud_protection_service *
intel xeon_e5-2450_v2_firmware -
intel core_i7-8550u_firmware -
intel xeon_e7-2870_v2_firmware -
intel xeon_l5530_firmware -
intel xeon_gold_5220s_firmware -
intel core_i5-7400_firmware -
intel xeon_gold_6246_firmware -
intel xeon_lc3518_firmware -
intel xeon_w-2235_firmware -
intel xeon_e3-1260l_v5_firmware -
intel core_i5-5257u_firmware -
intel xeon_3050_firmware -
intel core_i5-7y54_firmware -
intel xeon_e-2146g_firmware -
intel xeon_e7-8890_v2_firmware -
intel xeon_e3-1270_v5_firmware -
intel xeon_e5645_firmware -
intel xeon_e5-4655_v3_firmware -
intel core_i5-7600_firmware -
intel core_i7-7660u_firmware -
intel core_i7-5700hq_firmware -
intel core_i5-9500_firmware -
intel xeon_e5-2698_v3_firmware -
intel core_i7-5775c_firmware -
intel celeron_g3930e_firmware -
intel xeon_5130_firmware -
intel xeon_platinum_9222_firmware -
intel core_i5-5350h_firmware -
intel core_i7-1065g7_firmware -
intel core_i7-6500u_firmware -
intel xeon_gold_6238m_firmware -
intel xeon_e3-1285_v4_firmware -
intel core_i3-7350k_firmware -
intel xeon_l5638_firmware -
intel xeon_e5450_firmware -
intel xeon_x3370_firmware -
intel xeon_e5-4627_v3_firmware -
intel xeon_x6550_firmware -
intel xeon_e7-8860_v4_firmware -
intel xeon_x3380_firmware -
intel xeon_l5640_firmware -
intel xeon_e5-4650_v4_firmware -
intel xeon_d-2187nt_firmware -
intel xeon_gold_6252_firmware -
intel xeon_e5-2623_v3_firmware -
intel xeon_e5649_firmware -
intel xeon_w-2123_firmware -
intel xeon_e7530_firmware -
intel xeon_x3460_firmware -
intel xeon_e5-2640_v2_firmware -
intel xeon_d-2142it_firmware -
intel xeon_e3-1268l_v5_firmware -
intel xeon_e7330_firmware -
intel core_i3-9320_firmware -
intel xeon_l5320_firmware -
intel core_i7-6870hq_firmware -
intel xeon_e7-4850_v3_firmware -
intel core_i9-10980xe_firmware -
intel xeon_e5-2690_v3_firmware -
intel core_i5-7500_firmware -
intel xeon_e5-4628l_v4_firmware -
intel xeon_5150_firmware -
intel core_i9-7920x_firmware -
intel xeon_silver_4214_firmware -
intel xeon_e-2246g_firmware -
intel xeon_e5606_firmware -
intel xeon_e7-4820_v3_firmware -
intel xeon_x5550_firmware -
intel xeon_e3-1220_v5_firmware -
intel xeon_w5590_firmware -
intel xeon_e7-4809_v2_firmware -
intel xeon_silver_4209t_firmware -
f5 big-ip_advanced_firewall_manager *
intel xeon_e3-1225_v5_firmware -
intel pentium_gold_4410y_firmware -
intel core_i5-1035g7_firmware -
intel xeon_l3406_firmware -
intel xeon_e5-4667_v4_firmware -
intel xeon_e5-2690_v2_firmware -
intel xeon_d-1531_firmware -
intel core_i7+8700_firmware -
f5 big-ip_domain_name_system *
intel xeon_gold_6238_firmware -
intel xeon_w-2155_firmware -
redhat openshift_container_platform 4.2
intel xeon_e5-2699_v3_firmware -
f5 big-ip_application_acceleration_manager *
intel xeon_e5-2650l_v3_firmware -
intel pentium_gold_g5620_firmware -
intel xeon_e3-1235l_v5_firmware -
intel xeon_l5215_firmware -
intel xeon_e-2224_firmware -
intel xeon_e-2276g_firmware -
intel xeon_d-2163it_firmware -
intel core_i3-9350k_firmware -
intel xeon_e-2278g_firmware -
intel xeon_e7-8891_v2_firmware -
intel core_i7-7500u_firmware -
intel xeon_x3360_firmware -
intel xeon_x3440_firmware -
intel core_i7-8709g_firmware -
intel xeon_e7-8867_v3_firmware -
intel xeon_e5-2609_v2_firmware -
intel xeon_e5-2630_v2_firmware -
intel xeon_e7-8880l_v3_firmware -
intel xeon_w3690_firmware -
intel xeon_e5-2697_v4_firmware -
intel xeon_e3120_firmware -
intel core_i5-8400_firmware -
intel xeon_e-2174g_firmware -
f5 big-ip_link_controller *
intel xeon_e5-2658_v4_firmware -
f5 big-iq_centralized_management *
intel xeon_w-3275m_firmware -
intel xeon_w-2223_firmware -
intel xeon_platinum_9282_firmware -
intel xeon_gold_6226_firmware -
intel core_i5-8305g_firmware -
intel xeon_e5-4667_v3_firmware -
intel celeron_g3900t_firmware -
intel xeon_platinum_8276l_firmware -
intel xeon_d-1528_firmware -
intel pentium_gold_g5400_firmware -
intel xeon_e5-4657l_v2_firmware -
intel core_i7-7700hq_firmware -
intel xeon_w-3275_firmware -
intel xeon_x5675_firmware -
redhat openshift_container_platform 4.1
intel xeon_x7550_firmware -
intel xeon_e7-8870_v2_firmware -
redhat enterprise_linux_server_tus 7.6
intel xeon_3070_firmware -
intel xeon_lc5518_firmware -
intel xeon_5140_firmware -
intel xeon_d-1540_firmware -
intel core_i5-8259u_firmware -
intel xeon_d-1627_firmware -
intel core_i5-9600t_firmware -
intel xeon_e5507_firmware -
intel pentium_gold_g5600_firmware -
intel xeon_e-2186g_firmware -
intel celeron_g1820_firmware -
intel pentium_gold_5405u_firmware -
intel xeon_e5-2618l_v4_firmware -
intel core_i5-7440hq_firmware -
intel xeon_d-1533n_firmware -
intel xeon_x7560_firmware -
intel core_i5-7267u_firmware -
intel core_i3-10110y_firmware -
redhat enterprise_linux_server_eus 8.1
intel xeon_e7210_firmware -
intel xeon_e-2288g_firmware -
intel xeon_gold_6230t_firmware -
intel xeon_e5405_firmware -
intel xeon_w3680_firmware -
intel pentium_gold_6405u_firmware -
intel xeon_e3-1240_v5_firmware -
intel xeon_e5-4610_v2_firmware -
intel xeon_e5640_firmware -
intel core_i3-8130u_firmware -
intel xeon_w3520_firmware -
intel core_i7-6700hq_firmware -
intel core_i5+8400_firmware -
intel core_i3-7300t_firmware -
intel xeon_d-1521_firmware -
redhat enterprise_linux_server_eus 7.7
intel xeon_lv_5138_firmware -
intel core_i7-5550u_firmware -
intel xeon_e3-1265l_v4_firmware -
intel xeon_l3360_firmware -
intel core_i7-5750hq_firmware -
intel xeon_e5-2690_v4_firmware -
intel xeon_e5-2637_v3_firmware -
intel xeon_e5-2430l_v2_firmware -
intel core_i7-8500y_firmware -
intel xeon_x5492_firmware -
intel core_m3-7y30_firmware -
intel xeon_e5-2609_v4_firmware -
intel xeon_gold_5218t_firmware -
intel xeon_lv_5113_firmware -
intel xeon_e7-8890_v4_firmware -
intel core_i5-10210y_firmware -
intel core_i5-9400h_firmware -
intel xeon_x5650_firmware -
intel core_i7-7700_firmware -
intel core_i3-7100u_firmware -
intel xeon_e-2144g_firmware -
intel xeon_e5-2620_v3_firmware -
intel xeon_x7542_firmware -
intel xeon_gold_6234_firmware -
intel xeon_d-1649n_firmware -
intel xeon_e5335_firmware -
intel xeon_d-1602_firmware -
intel xeon_e5-2695_v4_firmware -
intel xeon_e5-2608l_v4_firmware -
intel xeon_e5-4627_v2_firmware -
intel core_i3-1005g1_firmware -
intel core_i7-10510y_firmware -
intel xeon_d-1559_firmware -
intel xeon_e5310_firmware -
intel xeon_e7420_firmware -
intel xeon_d-2173it_firmware -
intel xeon_e5-2660_v3_firmware -
intel xeon_e5520_firmware -
f5 big-ip_access_policy_manager *
intel xeon_e5-2650_v2_firmware -
intel xeon_e3-1240l_v5_firmware -
intel xeon_e5-2630l_v3_firmware -
intel xeon_d-1548_firmware -
redhat enterprise_linux_server_aus 7.7
intel core_i9-9960x_x-series_firmware -
intel xeon_e5502_firmware -
intel xeon_e5-2650_v3_firmware -
intel xeon_e5440_firmware -
intel celeron_g3902e_firmware -
intel xeon_e7-8880_v4_firmware -
intel xeon_e5-2637_v2_firmware -
intel core_i3-6167u_firmware -
intel xeon_e3-1585_v5_firmware -
intel xeon_silver_4216_firmware -
intel xeon_x3430_firmware -
intel xeon_e5-4669_v3_firmware -
intel xeon_e7-4830_v3_firmware -
intel core_i3-5005u_firmware -
intel core_m3-8100y_firmware -
intel xeon_l5518_firmware -
intel xeon_gold_5220_firmware -
intel celeron_g1840_firmware -
CVE-2018-1320 MEDIUM

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle global_lifecycle_management_opatch *
apache thrift *
oracle nosql_database *
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
CVE-2018-13405 MEDIUM

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
redhat virtualization 4.0
f5 big-ip_application_security_manager *
f5 big-ip_link_controller 15.1.0
redhat enterprise_linux_workstation 7.0
f5 big-ip_domain_name_system *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_webaccelerator 15.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager 16.0.0
redhat enterprise_linux_server_tus 7.4
f5 big-ip_analytics *
f5 big-ip_advanced_firewall_manager 15.1.0
linux linux_kernel *
f5 big-ip_policy_enforcement_manager 16.0.0
redhat enterprise_linux_server_aus 7.3
f5 big-ip_edge_gateway 16.0.0
fedoraproject fedora 35
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 16.0.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_access_policy_manager 16.0.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 7.3
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_aus 7.4
f5 big-ip_webaccelerator 16.0.0
redhat enterprise_linux_for_real_time 7
f5 big-ip_access_policy_manager *
redhat enterprise_linux_desktop 6.0
f5 big-ip_application_acceleration_manager 16.0.0
f5 big-ip_advanced_firewall_manager 16.0.0
f5 big-ip_global_traffic_manager 16.0.0
fedoraproject fedora 34
redhat enterprise_linux_eus 7.5
debian debian_linux 8.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_server 6.0
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 16.0.0
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_domain_name_system 16.0.0
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_fraud_protection_service 16.0.0
f5 big-ip_local_traffic_manager 15.1.0
redhat enterprise_linux_server_aus 6.6
redhat mrg_realtime 2.0
f5 big-ip_analytics 16.0.0
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_desktop 7.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_policy_enforcement_manager 15.1.0
redhat enterprise_linux_eus 7.4
f5 big-ip_edge_gateway 15.1.0
redhat enterprise_linux_server 7.0
f5 big-ip_analytics 15.1.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.2
CVE-2018-14462 MEDIUM

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
fedoraproject fedora 29
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
apple mac_os_x *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
opensuse leap 15.0
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2018-14463 MEDIUM

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
fedoraproject fedora 29
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
apple mac_os_x *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
opensuse leap 15.0
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2018-14465 MEDIUM

The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
fedoraproject fedora 29
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
apple mac_os_x *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
opensuse leap 15.0
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2018-14468 MEDIUM

The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 enterprise_manager 3.1.1
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
opensuse leap 15.0
debian debian_linux 10.0
f5 iworkflow 2.3.0
fedoraproject fedora 29
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager *
apple mac_os_x *
redhat enterprise_linux 7.0
f5 big-ip_global_traffic_manager *
redhat enterprise_linux 8.0
debian debian_linux 9.0
CVE-2018-14469 MEDIUM

The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
fedoraproject fedora 29
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
apple mac_os_x *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
opensuse leap 15.0
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2018-14634 HIGH

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 6.6
f5 big-ip_application_security_manager *
redhat enterprise_linux_workstation 7.0
netapp snapprotect -
f5 big-ip_domain_name_system *
canonical ubuntu_linux 14.04
f5 traffix_signaling_delivery_controller 4.4.0
f5 enterprise_manager 3.1.1
f5 traffix_signaling_delivery_controller *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
canonical ubuntu_linux 12.04
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_server 6.0
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
redhat enterprise_linux_server_eus 6.7
netapp active_iq_performance_analytics_services -
linux linux_kernel *
paloaltonetworks pan-os *
redhat enterprise_linux_server_aus 6.6
f5 big-ip_fraud_protection_service *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_desktop 7.0
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management 4.6.0
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.6
f5 big-ip_global_traffic_manager *
f5 iworkflow *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.5
CVE-2018-14879 MEDIUM

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
fedoraproject fedora 29
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
apple mac_os_x *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
opensuse leap 15.0
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2018-14880 MEDIUM

The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 enterprise_manager 3.1.1
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
opensuse leap 15.0
debian debian_linux 10.0
f5 iworkflow 2.3.0
fedoraproject fedora 29
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager *
apple mac_os_x *
redhat enterprise_linux 7.0
f5 big-ip_global_traffic_manager *
redhat enterprise_linux 8.0
debian debian_linux 9.0
CVE-2018-14882 MEDIUM

The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
fedoraproject fedora 29
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
apple mac_os_x *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
opensuse leap 15.0
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2018-15310 MEDIUM

A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2018-15311 MEDIUM

When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15312 MEDIUM

On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15313 MEDIUM

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2018-15314 MEDIUM

On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2018-15315 MEDIUM

On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15316 LOW

In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
f5 big-ip_edge_client *
CVE-2018-15317 MEDIUM

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15318 HIGH

In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15319 HIGH

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15320 MEDIUM

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than "allow-all".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15321 MEDIUM

When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-iq_centralized_management 4.6.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 iworkflow *
CVE-2018-15322 MEDIUM

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-iq_centralized_management 4.6.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 iworkflow *
CVE-2018-15323 MEDIUM

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances, when processing traffic through a Virtual Server with an associated MQTT profile, the TMM process may produce a core file and take the configured HA action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15324 MEDIUM

On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2018-15325 MEDIUM

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15326 MEDIUM

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2018-15327 MEDIUM

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15328 MEDIUM

On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 enterprise_manager 3.1.1
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_link_controller 14.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management 4.6.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
f5 iworkflow *
f5 big-ip_webaccelerator 14.0.0
CVE-2018-15329 MEDIUM

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15330 HIGH

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal error and may cause the Traffic Management Microkernel (TMM) to produce a core file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15331 MEDIUM

On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the BIG-IP system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager *
CVE-2018-15332 MEDIUM

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_access_policy_manager_client *
CVE-2018-15333 LOW

On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps.

CVSS 2.0

Severity: LOW

Problem Type: CWE-434,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-15334 MEDIUM

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2018-15335 MEDIUM

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2018-16229 MEDIUM

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
tcpdump tcpdump *
fedoraproject fedora 29
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
debian debian_linux 8.0
apple mac_os_x *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
opensuse leap 15.0
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2018-16843 HIGH

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
opensuse leap 15.1
canonical ubuntu_linux 18.04
f5 nginx *
canonical ubuntu_linux 14.04
apple xcode *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
CVE-2018-16844 HIGH

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
f5 nginx *
canonical ubuntu_linux 14.04
apple xcode *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
CVE-2018-16845 MEDIUM

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 1.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-835,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
opensuse leap 15.1
canonical ubuntu_linux 18.04
f5 nginx *
canonical ubuntu_linux 14.04
apple xcode *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2018-16890 MEDIUM

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,CWE-190,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
haxx libcurl *
oracle secure_global_desktop 5.4
oracle communications_operations_monitor 3.4
canonical ubuntu_linux 14.04
siemens sinema_remote_connect_client *
canonical ubuntu_linux 16.04
netapp clustered_data_ontap *
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
oracle communications_operations_monitor 4.0
redhat enterprise_linux 8.0
oracle http_server 12.2.1.3.0
debian debian_linux 9.0
CVE-2018-17539 MEDIUM

The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_local_traffic_manager *
ipinfusion zebos *
ipinfusion ocnos *
CVE-2018-20002 MEDIUM

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu binutils 2.31
netapp vasa_provider *
f5 traffix_signaling_delivery_controller 4.4.0
f5 traffix_signaling_delivery_controller *
CVE-2018-20657 MEDIUM

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
gnu binutils 2.31.1
f5 traffix_signaling_delivery_controller 4.4.0
f5 traffix_signaling_delivery_controller *
CVE-2018-20836 HIGH

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,CWE-416,

Products Affected

Vendor Product Version
linux linux_kernel *
opensuse leap 15.1
netapp vasa_provider_for_clustered_data_ontap *
netapp hci_compute_node -
netapp active_iq_unified_manager *
netapp snapprotect -
netapp virtual_storage_console *
canonical ubuntu_linux 16.04
netapp storage_replication_adapter_for_clustered_data_ontap -
debian debian_linux 8.0
f5 traffix_signaling_delivery_controller 5.0.0
netapp solidfire_&_hci_management_node -
f5 traffix_signaling_delivery_controller 5.1.0
opensuse leap 15.0
debian debian_linux 10.0
netapp solidfire_&_hci_storage_node -
debian debian_linux 9.0
CVE-2018-5390 HIGH

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
cisco expressway x8.10.4
redhat enterprise_linux_server_eus 6.4
redhat virtualization 4.0
cisco expressway x8.11
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_workstation 7.0
f5 big-ip_domain_name_system *
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_eus 7.2
f5 big-ip_global_traffic_manager 14.0.0
canonical ubuntu_linux 16.04
hp aruba_clearpass_policy_manager *
f5 big-ip_webaccelerator *
f5 traffix_systems_signaling_delivery_controller 4.4.0
cisco telepresence_conductor_firmware xc4.3.3
f5 big-ip_application_acceleration_manager *
cisco telepresence_video_communication_server_firmware x8.10.1
cisco expressway x8.10
cisco meeting_management 1.0.1
redhat enterprise_linux_server_tus 7.4
f5 big-ip_analytics *
f5 traffix_systems_signaling_delivery_controller *
cisco expressway_series -
f5 big-ip_application_security_manager 14.0.0
linux linux_kernel *
cisco webex_video_mesh -
cisco telepresence_video_communication_server_firmware x8.10.2
redhat enterprise_linux_server_aus 7.3
f5 big-ip_fraud_protection_service 14.0.0
cisco threat_grid-cloud -
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
cisco expressway x8.10.2
cisco digital_network_architecture_center 1.2
redhat enterprise_linux_server_eus 7.4
f5 big-ip_access_policy_manager 14.0.0
cisco meeting_management 1.0
cisco telepresence_video_communication_server_firmware x8.10.4
canonical ubuntu_linux 18.04
cisco telepresence_video_communication_server_firmware x8.10.3
redhat enterprise_linux_server_tus 7.3
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
a10networks advanced_core_operating_system 4.1.0
cisco network_assurance_engine 2.1(1a)
redhat enterprise_linux_server_eus 7.5
cisco telepresence_video_communication_server_firmware x8.11
f5 big-ip_access_policy_manager *
f5 big-ip_edge_gateway 14.0.0
a10networks advanced_core_operating_system 4.1.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_eus 7.3
cisco telepresence_conductor_firmware xc4.3.1
debian debian_linux 8.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager 14.0.0
canonical ubuntu_linux 12.04
a10networks advanced_core_operating_system 3.2.2
f5 big-ip_policy_enforcement_manager *
cisco expressway x8.10.3
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
a10networks advanced_core_operating_system 4.1.4
linux linux_kernel 4.18
cisco collaboration_meeting_rooms 1.0
a10networks advanced_core_operating_system 4.1.1
cisco expressway x8.10.1
redhat enterprise_linux_server_eus 6.7
cisco telepresence_conductor_firmware xc4.3.2
f5 big-ip_domain_name_system 14.0.0
redhat enterprise_linux_server_aus 6.6
cisco telepresence_conductor_firmware xc4.3
redhat enterprise_linux_server_tus 7.2
cisco webex_hybrid_data_security -
cisco telepresence_conductor_firmware xc4.3.4
redhat enterprise_linux_desktop 7.0
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux_server_aus 6.5
hp aruba_airwave_amp *
cisco telepresence_video_communication_server_firmware x8.10
redhat enterprise_linux_server 7.0
f5 big-ip_webaccelerator 14.0.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.2
CVE-2018-5391 HIGH

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-20,

Products Affected

Vendor Product Version
microsoft windows_10 -
f5 big-ip_local_traffic_manager *
f5 big-ip_application_security_manager *
siemens simatic_net_cp_1243-1_firmware *
siemens sinema_remote_connect_server_firmware *
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_workstation 7.0
f5 big-ip_domain_name_system *
siemens simatic_net_cp_1542sp-1_firmware *
canonical ubuntu_linux 14.04
microsoft windows_7 -
canonical ubuntu_linux 16.04
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_server_tus 7.4
f5 big-ip_analytics *
siemens simatic_rf188ci_firmware *
siemens simatic_net_cp_1243-8_irc_firmware *
microsoft windows_server_2008 -
linux linux_kernel *
siemens simatic_rf186ci_firmware *
microsoft windows_server_2016 1709
siemens scalance_w1700_ieee_802.11ac_firmware *
redhat enterprise_linux_server_aus 7.3
f5 big-ip_fraud_protection_service *
siemens simatic_net_cp_1243-7_lte_us_firmware *
redhat enterprise_linux_server_eus 7.4
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 6.0
microsoft windows_rt_8.1 -
redhat enterprise_linux_server_tus 7.3
f5 big-ip_global_traffic_manager *
siemens simatic_net_cp_1542sp-1_irc_firmware *
siemens simatic_net_cp_1543-1_firmware *
redhat enterprise_linux_server_eus 7.5
siemens scalance_m-800_firmware *
microsoft windows_server_2012 -
siemens simatic_rf186c_firmware *
f5 big-ip_access_policy_manager *
siemens simatic_rf188_firmware *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 6.6
microsoft windows_server_2012 r2
siemens simatic_net_cp_1543sp-1_firmware *
redhat enterprise_linux_server_eus 7.3
microsoft windows_server_2016 -
siemens ruggedcom_rox_ii_firmware *
microsoft windows_10 1709
microsoft windows_10 1703
debian debian_linux 8.0
f5 big-ip_link_controller *
siemens ruggedcom_rm1224_firmware *
siemens scalance_w700_ieee_802.11a/b/g/n_firmware *
canonical ubuntu_linux 12.04
f5 big-ip_policy_enforcement_manager *
redhat enterprise_linux_server 6.0
f5 big-ip_edge_gateway *
siemens scalance_sc-600_firmware *
siemens scalance_s615_firmware *
redhat enterprise_linux_server_eus 6.7
microsoft windows_8.1 -
microsoft windows_server_2008 r2
siemens simatic_rf185c_firmware *
redhat enterprise_linux_server_aus 6.6
siemens simatic_net_cp_1242-7_firmware *
redhat enterprise_linux_server_tus 7.2
siemens simatic_net_cp_1243-7_lte_eu_firmware *
redhat enterprise_linux_desktop 7.0
microsoft windows_10 1803
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux_server_aus 6.5
microsoft windows_10 1607
redhat enterprise_linux_server 7.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.2
microsoft windows_server_2016 1803
CVE-2018-5500 MEDIUM

On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_dns 13.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5501 MEDIUM

In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_dns *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_websafe 11.2.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_advanced_firewall_manager *
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_dns 13.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
f5 big-ip_dns 11.2.1
CVE-2018-5502 MEDIUM

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_websafe 1.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5503 MEDIUM

On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
CVE-2018-5504 HIGH

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_websafe 1.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5505 MEDIUM

On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
CVE-2018-5506 MEDIUM

In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_link_controller 11.6.1
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_domain_name_system *
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_websafe 11.2.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_analytics 11.6.1
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_websafe 11.6.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_webaccelerator 11.6.1
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway 11.6.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5507 MEDIUM

On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5508 MEDIUM

On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_policy_enforcement_manager 13.0.0
CVE-2018-5509 HIGH

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_websafe 1.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
CVE-2018-5510 MEDIUM

On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_global_traffic_manager 11.5.4
f5 big-ip_domain_name_system 11.5.5
f5 big-ip_advanced_firewall_manager 11.5.4
f5 big-ip_local_traffic_manager 11.5.4
f5 big-ip_analytics 11.5.4
f5 big-ip_websafe 11.5.5
f5 big-ip_webaccelerator 11.5.5
f5 big-ip_websafe 11.5.4
f5 big-ip_application_security_manager 11.5.5
f5 big-ip_webaccelerator 11.5.4
f5 big-ip_global_traffic_manager 11.5.5
f5 big-ip_local_traffic_manager 11.5.5
f5 big-ip_domain_name_system 11.5.4
f5 big-ip_access_policy_manager 11.5.5
f5 big-ip_access_policy_manager 11.5.4
f5 big-ip_application_acceleration_manager 11.5.5
f5 big-ip_advanced_firewall_manager 11.5.5
f5 big-ip_analytics 11.5.5
f5 big-ip_application_acceleration_manager 11.5.4
f5 big-ip_policy_enforcement_manager 11.5.4
f5 big-ip_edge_gateway 11.5.5
f5 big-ip_policy_enforcement_manager 11.5.5
f5 big-ip_link_controller 11.5.5
f5 big-ip_application_security_manager 11.5.4
f5 big-ip_link_controller 11.5.4
f5 big-ip_edge_gateway 11.5.4
CVE-2018-5511 MEDIUM

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-470,

Products Affected

Vendor Product Version
vmware workstation 14.1.5
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_edge_gateway 13.1.0
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_websafe 13.0.0
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_webaccelerator 13.1.0
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_enterprise_manager 3.1.1
f5 big-ip_analytics 13.1.0
f5 big-ip_websafe 13.1.0
vmware workstation_player 15.0.2
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5512 HIGH

On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5513 MEDIUM

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5514 MEDIUM

On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5515 MEDIUM

On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5516 MEDIUM

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-iq_centralized_management 4.6.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 f5_iworkflow *
f5 big-ip_analytics *
f5 big-ip_enterprise_manager 3.1.1
CVE-2018-5517 MEDIUM

On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5518 LOW

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5519 MEDIUM

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5520 LOW

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5521 MEDIUM

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics *
f5 big-ip_websafe 11.2.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_advanced_firewall_manager *
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
CVE-2018-5522 MEDIUM

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe 13.0.0
f5 big-ip_websafe *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_websafe 11.2.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_advanced_firewall_manager *
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5523 MEDIUM

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_edge_gateway 13.1.0
f5 big-ip_analytics 11.2.1
f5 big-ip_advanced_firewall_manager 11.2.1
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 enterprise_manager 3.1.1
f5 big-ip_webaccelerator 13.1.0
f5 big-ip_webaccelerator *
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_access_policy_manager 11.2.1
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 11.2.1
f5 big-ip_local_traffic_manager 11.2.1
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 11.2.1
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager 11.2.1
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_edge_gateway 11.2.1
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 11.2.1
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_domain_name_system 11.2.1
f5 big-ip_analytics 13.1.0
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_webaccelerator 11.2.1
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_fraud_protection_service 11.2.1
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5524 MEDIUM

Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_fraud_protection_service *
CVE-2018-5525 MEDIUM

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5526 MEDIUM

Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral DOS (BADOS) protection may fail during an attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2018-5527 HIGH

On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5528 LOW

Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 13.0.1
CVE-2018-5529 MEDIUM

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_edge *
CVE-2018-5530 MEDIUM

F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_websafe *
CVE-2018-5531 MEDIUM

Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5532 MEDIUM

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5533 MEDIUM

Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5534 MEDIUM

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2018-5535 MEDIUM

On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_webaccelerator 14.0.0
CVE-2018-5536 MEDIUM

A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 14.0.0
CVE-2018-5537 LOW

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_websafe *
CVE-2018-5538 MEDIUM

On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_domain_name_system *
CVE-2018-5539 MEDIUM

Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager 11.2.1
f5 big-ip_application_security_manager *
CVE-2018-5540 LOW

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
f5 big-iq_cloud_and_orchestration 1.0.0
f5 big-iq_centralized_management *
f5 big-ip_global_traffic_manager *
f5 f5_iworkflow *
f5 big-ip_domain_name_system *
f5 enterprise_manager 3.1.1
CVE-2018-5541 HIGH

When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2018-5542 MEDIUM

F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2018-5543 MEDIUM

The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
f5 big-ip_controller *
CVE-2018-5544 MEDIUM

When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages (pages with a logon agent or a confirm box), the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2018-5545 MEDIUM

On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated user can execute code on the alert server by using a maliciously crafted payload.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 websafe_alert_server *
CVE-2018-5546 HIGH

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2018-5547 HIGH

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager_client 7.1.7
f5 big-ip_access_policy_manager_client 7.1.6.1
f5 big-ip_access_policy_manager_client 7.1.6
CVE-2018-5548 MEDIUM

On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2018-5549 MEDIUM

On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13.1.0.3, APMD may core when processing SAML Assertion or response containing certain elements.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 13.0.0
CVE-2018-5743 MEDIUM

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway 15.0.0
f5 enterprise_manager 3.1.1
f5 big-ip_application_acceleration_manager 15.0.0
isc bind 9.10.8
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_analytics *
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
isc bind 9.11.5
isc bind 9.9.3
f5 iworkflow 2.3.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics 15.0.0
isc bind 9.14.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 15.0.0
isc bind *
CVE-2019-10744 MEDIUM

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-iq_centralized_management 5.4.0
oracle banking_extensibility_workbench 14.3.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
lodash lodash *
netapp service_level_manager -
oracle banking_extensibility_workbench 14.4.0
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
netapp active_iq_unified_manager -
f5 big-ip_analytics *
f5 iworkflow 2.3.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
redhat virtualization_manager 4.3
CVE-2019-11109 MEDIUM

Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_10250v_firmware -
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_i11600_firmware -
f5 big-ip_10050s_firmware -
f5 big-ip_i10800_firmware -
f5 big-ip_i11800_firmware -
f5 big-ip_i7800_firmware -
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_10150v-n_firmware -
f5 big-ip_12250v_firmware -
f5 big-ip_analytics *
f5 big-ip_i15600_firmware -
f5 big-ip_i15800_firmware -
f5 big-ip_10000s_firmware -
f5 big-ip_b2250_firmware -
f5 big-ip_i7600_firmware -
f5 big-ip_fraud_protection_service *
f5 big-ip_i5600_firmware -
f5 viprion_2200_firmware -
f5 big-ip_advanced_firewall_manager *
f5 big-ip_10350v-n_firmware -
f5 big-ip_b4450n_firmware -
f5 big-ip_b4300_firmware -
f5 big-ip_global_traffic_manager *
f5 big-ip_10200v-s_firmware -
intel server_platform_services_firmware *
f5 big-ip_i10600_firmware -
f5 big-ip_i5800_firmware -
f5 big-ip_b4340n_firmware -
CVE-2019-11477 HIGH

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_mrg 2.0
f5 big-ip_local_traffic_manager *
redhat enterprise_linux_atomic_host -
f5 big-ip_application_security_manager *
pulsesecure pulse_policy_secure -
f5 big-ip_domain_name_system *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_webaccelerator *
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.10
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
redhat enterprise_linux_aus 6.6
linux linux_kernel *
f5 big-ip_fraud_protection_service *
redhat enterprise_linux 6.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_analytics 15.0.0
canonical ubuntu_linux 18.04
f5 big-ip_global_traffic_manager *
redhat enterprise_linux 8.0
f5 big-ip_application_security_manager 15.0.0
redhat enterprise_linux_aus 6.5
redhat enterprise_linux 5.0
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
f5 traffix_sdc *
pulsesecure pulse_connect_secure -
f5 big-ip_edge_gateway 15.0.0
redhat enterprise_linux_eus 7.5
f5 big-ip_application_acceleration_manager 15.0.0
f5 traffix_signaling_delivery_controller *
f5 big-ip_link_controller *
canonical ubuntu_linux 12.04
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
pulsesecure pulse_secure_virtual_application_delivery_controller -
f5 big-ip_global_traffic_manager 15.0.0
ivanti connect_secure -
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux 7.0
CVE-2019-11478 MEDIUM

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-400,

Products Affected

Vendor Product Version
redhat enterprise_mrg 2.0
f5 big-ip_local_traffic_manager *
redhat enterprise_linux_atomic_host -
f5 big-ip_application_security_manager *
pulsesecure pulse_policy_secure -
f5 big-ip_domain_name_system *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_webaccelerator *
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.10
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
redhat enterprise_linux_aus 6.6
linux linux_kernel *
f5 big-ip_fraud_protection_service *
redhat enterprise_linux 6.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_analytics 15.0.0
canonical ubuntu_linux 18.04
f5 big-ip_global_traffic_manager *
redhat enterprise_linux 8.0
f5 big-ip_application_security_manager 15.0.0
redhat enterprise_linux_aus 6.5
redhat enterprise_linux 5.0
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
pulsesecure pulse_connect_secure -
f5 big-ip_edge_gateway 15.0.0
redhat enterprise_linux_eus 7.5
f5 big-ip_application_acceleration_manager 15.0.0
f5 traffix_signaling_delivery_controller *
f5 big-ip_link_controller *
canonical ubuntu_linux 12.04
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
pulsesecure pulse_secure_virtual_application_delivery_controller -
f5 big-ip_global_traffic_manager 15.0.0
ivanti connect_secure -
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux_eus 7.4
redhat enterprise_linux 7.0
CVE-2019-11479 MEDIUM

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-405,CWE-770,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
redhat virtualization_host 4.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
canonical ubuntu_linux 14.04
f5 enterprise_manager 3.1.1
canonical ubuntu_linux 16.04
f5 traffix_signaling_delivery_controller *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
canonical ubuntu_linux 19.04
f5 big-ip_policy_enforcement_manager *
canonical ubuntu_linux 18.10
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
linux linux_kernel *
f5 iworkflow 2.3.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux 7.0
canonical ubuntu_linux 18.04
f5 big-ip_global_traffic_manager *
CVE-2019-11837 MEDIUM

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-11838 HIGH

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-11839 HIGH

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-12206 HIGH

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-12207 HIGH

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-12208 HIGH

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-12295 MEDIUM

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_link_controller 15.1.0
f5 big-ip_domain_name_system *
canonical ubuntu_linux 16.04
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager 15.1.0
canonical ubuntu_linux 19.04
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_webaccelerator 15.1.0
f5 big-ip_application_acceleration_manager *
wireshark wireshark *
f5 big-ip_analytics *
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_policy_enforcement_manager 15.1.0
canonical ubuntu_linux 18.04
f5 big-ip_global_traffic_manager *
f5 big-ip_edge_gateway 15.1.0
f5 big-ip_analytics 15.1.0
debian debian_linux 9.0
CVE-2019-13050 MEDIUM

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
opensuse leap 15.1
gnupg gnupg *
fedoraproject fedora 29
opensuse leap 15.0
sks_keyserver_project sks_keyserver *
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
CVE-2019-13067 HIGH

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-13115 MEDIUM

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-190,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
netapp cloud_backup -
libssh2 libssh2 *
netapp e-series_santricity_os_controller *
fedoraproject fedora 29
f5 traffix_systems_signaling_delivery_controller *
fedoraproject fedora 30
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2019-13135 MEDIUM

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
f5 big-ip_webaccelerator *
canonical ubuntu_linux 19.04
f5 big-ip_application_acceleration_manager *
canonical ubuntu_linux 18.04
imagemagick imagemagick *
canonical ubuntu_linux 16.04
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 19.10
CVE-2019-13565 MEDIUM

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
opensuse leap 15.1
openldap openldap *
oracle blockchain_platform *
canonical ubuntu_linux 14.04
oracle solaris 11
canonical ubuntu_linux 16.04
apple mac_os_x 10.14.6
debian debian_linux 8.0
f5 traffix_signaling_delivery_controller 5.0.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 19.04
apple mac_os_x *
apple mac_os_x 10.13.6
canonical ubuntu_linux 18.04
f5 traffix_signaling_delivery_controller 5.1.0
opensuse leap 15.0
CVE-2019-13617 MEDIUM

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
f5 njs *
CVE-2019-1559 MEDIUM

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
oracle mysql_enterprise_monitor *
oracle communications_diameter_signaling_router 8.4
fedoraproject fedora 31
netapp oncommand_workflow_automation -
netapp active_iq_unified_manager *
f5 big-ip_application_security_manager *
redhat enterprise_linux_workstation 7.0
oracle api_gateway 11.1.2.4.0
f5 traffix_signaling_delivery_controller 4.4.0
f5 big-ip_webaccelerator *
canonical ubuntu_linux 18.10
oracle enterprise_manager_ops_center 12.4.0
netapp hyper_converged_infrastructure -
netapp altavault -
oracle communications_session_border_controller 8.3
opensuse leap 15.0
oracle enterprise_manager_ops_center 12.3.3
mcafee data_exchange_layer *
canonical ubuntu_linux 18.04
redhat enterprise_linux_workstation 6.0
netapp storage_automation_store -
oracle peoplesoft_enterprise_peopletools 8.55
netapp steelstore_cloud_integrated_storage -
oracle jd_edwards_enterpriseone_tools 9.2
oracle enterprise_manager_base_platform 12.1.0.5.0
netapp clustered_data_ontap_antivirus_connector -
redhat enterprise_linux_desktop 6.0
opensuse leap 15.1
oracle business_intelligence 12.2.1.3.0
redhat virtualization_host 4.0
opensuse leap 42.3
oracle communications_session_router 8.2
oracle peoplesoft_enterprise_peopletools 8.56
netapp a800_firmware -
redhat enterprise_linux_server 6.0
oracle business_intelligence 11.1.1.9.0
netapp storagegrid -
netapp a320_firmware -
netapp storagegrid *
netapp cloud_backup -
oracle jd_edwards_world_security a9.3
oracle communications_session_router 8.0
oracle mysql_workbench *
oracle communications_session_border_controller 8.0.0
redhat enterprise_linux_desktop 7.0
netapp snapdrive -
f5 big-ip_advanced_firewall_manager *
oracle services_tools_bundle 19.2
netapp hci_management_node -
mcafee agent *
netapp service_processor -
oracle communications_session_border_controller 8.2
redhat enterprise_linux_server 7.0
netapp oncommand_insight -
oracle secure_global_desktop 5.4
redhat virtualization 4.0
netapp snapprotect -
netapp oncommand_unified_manager_core_package -
f5 big-ip_domain_name_system *
oracle communications_session_router 7.4
canonical ubuntu_linux 16.04
netapp smi-s_provider -
oracle communications_session_router 8.1
f5 big-ip_application_acceleration_manager *
netapp active_iq_unified_manager -
oracle communications_diameter_signaling_router 8.1
redhat jboss_enterprise_web_server 5.0.0
oracle endeca_server 7.7.0
f5 big-ip_analytics *
netapp oncommand_unified_manager -
netapp cn1610_firmware -
paloaltonetworks pan-os *
oracle enterprise_manager_base_platform 13.2.0.0.0
netapp santricity_smi-s_provider -
netapp fas2720_firmware -
f5 big-ip_fraud_protection_service *
netapp ontap_select_deploy -
oracle communications_session_border_controller 7.4
oracle communications_session_router 8.3
f5 big-ip_global_traffic_manager *
oracle communications_unified_session_manager 8.2.5
oracle communications_session_border_controller 8.1.0
oracle communications_unified_session_manager 7.3.5
mcafee web_gateway *
netapp snapcenter -
oracle business_intelligence 12.2.1.4.0
f5 big-ip_access_policy_manager *
netapp hci_compute_node -
oracle communications_diameter_signaling_router 8.0.0
fedoraproject fedora 30
f5 traffix_signaling_delivery_controller *
oracle communications_diameter_signaling_router 8.3
debian debian_linux 8.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
netapp ontap_select_deploy_administration_utility -
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
oracle peoplesoft_enterprise_peopletools 8.57
tenable nessus *
netapp c190_firmware -
openssl openssl *
oracle jd_edwards_world_security a9.4
netapp element_software -
netapp a220_firmware -
fedoraproject fedora 29
oracle mysql *
mcafee threat_intelligence_exchange_server *
netapp fas2750_firmware -
nodejs node.js *
oracle jd_edwards_world_security a9.3.1
oracle communications_diameter_signaling_router 8.2
oracle communications_performance_intelligence_center 10.4.0.2
oracle enterprise_manager_base_platform 13.3.0.0.0
netapp solidfire -
debian debian_linux 9.0
CVE-2019-16714 MEDIUM

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,

Products Affected

Vendor Product Version
linux linux_kernel *
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
f5 traffix_signaling_delivery_controller *
CVE-2019-19150 LOW

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2019-19151 LOW

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 iworkflow 2.3.0
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-20372 MEDIUM

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
opensuse leap 15.1
netapp cloud_backup -
f5 nginx *
canonical ubuntu_linux 14.04
apple xcode *
CVE-2019-5021 HIGH

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-258,NVD-CWE-Other,

Products Affected

Vendor Product Version
opensuse leap 15.1
f5 big-ip_controller 1.2.1
opensuse leap 15.0
gliderlabs docker-alpine *
CVE-2019-5436 MEDIUM

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
haxx libcurl *
opensuse leap 15.1
oracle enterprise_manager_ops_center 12.3.3
opensuse leap 42.3
fedoraproject fedora 29
f5 traffix_signaling_delivery_controller *
oracle enterprise_manager_ops_center 12.4.0
netapp hci_management_node -
netapp solidfire -
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.0
debian debian_linux 10.0
oracle mysql_server *
oracle oss_support_tools 20.0
debian debian_linux 9.0
CVE-2019-6471 MEDIUM

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-617,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_link_controller 14.1.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_global_traffic_manager 9.2.2
f5 enterprise_manager 3.1.1
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_webaccelerator *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_link_controller 9.2.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_analytics *
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 iworkflow 2.3.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller 15.0.0
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_analytics 15.0.0
isc bind 9.11.3
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_application_acceleration_manager 14.0.0
isc bind 9.12.4
isc bind 9.11.7
f5 big-ip_access_policy_manager *
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_webaccelerator 9.2.2
f5 big-ip_domain_name_system 9.2.2
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_analytics 14.1.0
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_link_controller 14.0.0
f5 big-ip_policy_enforcement_manager 9.2.2
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_webaccelerator 14.1.0
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_webaccelerator 14.0.0
isc bind *
CVE-2019-6589 MEDIUM

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6590 HIGH

On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
CVE-2019-6591 LOW

On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2019-6592 MEDIUM

On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6593 MEDIUM

On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as Zombie POODLE and GOLDENDOODLE.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_access_policy_manager *
f5 big-ip_webaccelerator 12.1.0
f5 big-ip_link_controller 11.6.1
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_application_security_manager *
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_domain_name_system *
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_analytics 11.6.1
f5 big-ip_link_controller 12.1.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_analytics *
f5 big-ip_edge_gateway 12.1.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_webaccelerator 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_analytics 12.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_edge_gateway 11.6.1
f5 big-ip_global_traffic_manager *
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_advanced_firewall_manager 12.1.0
CVE-2019-6594 MEDIUM

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager 13.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_global_traffic_manager 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_edge_gateway *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_webaccelerator 13.0.0
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_edge_gateway 13.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_local_traffic_manager 13.0.0
CVE-2019-6595 MEDIUM

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2019-6596 MEDIUM

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 14.0.0
CVE-2019-6597 MEDIUM

In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6598 MEDIUM

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6599 MEDIUM

In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2019-6600 MEDIUM

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6601 LOW

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts.

CVSS 2.0

Severity: LOW

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_application_acceleration_manager *
CVE-2019-6602 MEDIUM

In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6603 MEDIUM

In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_protocol_security_manager *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6604 MEDIUM

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_protocol_security_manager *
f5 big-ip_protocol_security_manager 14.0.0
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_protocol_security_module *
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
CVE-2019-6605 MEDIUM

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_protocol_security_manager *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6606 MEDIUM

On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_protocol_security_manager *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6607 MEDIUM

On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, there is a stored cross-site scripting vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF which results in code execution as the admin user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2019-6608 HIGH

On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_protocol_security_manager *
f5 big-ip_fraud_protection_service *
f5 big-ip_protocol_security_module *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6609 MEDIUM

Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_analytics *
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service *
f5 big-ip_webaccelerator12.1.1 hf2
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics 12.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_global_traffic_manager *
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_edge_gateway 12.1.1
CVE-2019-6610 HIGH

On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 14.0.0
CVE-2019-6611 MEDIUM

When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The BIG-IP system provisioned with the CGNAT module and configured with a virtual server using a PPTP profile is exposed to this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6612 MEDIUM

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
CVE-2019-6613 MEDIUM

On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6614 MEDIUM

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite arbitrary system files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6615 MEDIUM

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6616 MEDIUM

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6617 MEDIUM

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6618 MEDIUM

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator (RA) role restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6619 MEDIUM

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
CVE-2019-6620 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6621 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 and BIG-IQ 7.0.0-7.1.0.2, 6.0.0-6.1.0, and 5.1.0-5.4.0, an undisclosed iControl REST worker is vulnerable to command injection by an admin/resource admin user. This issue impacts both iControl REST and tmsh implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6622 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6623 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6624 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, an undisclosed traffic pattern sent to a BIG-IP UDP virtual server may lead to a denial-of-service (DoS).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6625 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI) also known as the BIG-IP Configuration utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6626 MEDIUM

On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.3.4, A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
CVE-2019-6627 MEDIUM

On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to a certain race condition, TMM may restart when SSL Forward Proxy enforces the bypass action for an SSL Orchestrator transparent virtual server with SNAT enabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
f5 ssl_orchestrator *
CVE-2019-6628 MEDIUM

On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain conditions, the TMM process may terminate and restart while processing BIG-IP PEM traffic with the OpenVPN classifier.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
CVE-2019-6629 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to the control plane.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6630 MEDIUM

On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclosed traffic flow may cause TMM to restart under certain circumstances.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 ssl_orchestrator *
CVE-2019-6631 MEDIUM

On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual Server with an associated HTTP profile, in specific circumstances, when the requests do not strictly conform to RFCs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6632 LOW

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-330,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6633 LOW

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6634 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6635 LOW

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator role can bypass Appliance mode restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6636 HIGH

On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. The level of user role which can perform this attack are resource administrator and administrator.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_security_manager *
CVE-2019-6637 MEDIUM

On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, Application logic abuse of ASM REST endpoints can lead to instability of BIG-IP system. Exploitation of this issue causes excessive memory consumption which results in the Linux kernel triggering OOM killer on arbitrary processes. The attack requires an authenticated user with role of "Guest" or greater privilege. Note: "No Access" cannot login so technically it's a role but a user with this access role cannot perform the attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2019-6638 MEDIUM

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6639 LOW

On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
CVE-2019-6640 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6641 MEDIUM

On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6642 HIGH

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway 15.0.0
f5 enterprise_manager 3.1.1
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_analytics *
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
f5 iworkflow 2.3.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics 15.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 15.0.0
CVE-2019-6643 MEDIUM

On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 14.1.0
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 14.1.0
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_analytics *
f5 big-ip_webaccelerator 14.1.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_webaccelerator 14.0.0
CVE-2019-6644 MEDIUM

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 14.1.0
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 14.1.0
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_analytics *
f5 big-ip_webaccelerator 14.1.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_webaccelerator 14.0.0
CVE-2019-6645 MEDIUM

On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, FTP traffic passing through a Virtual Server with both an active FTP profile associated and connection mirroring configured may lead to a TMM crash causing the configured HA action to be taken.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 14.1.0
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 14.1.0
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_analytics *
f5 big-ip_webaccelerator 14.1.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_webaccelerator 14.0.0
CVE-2019-6646 MEDIUM

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 12.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_application_security_manager 12.0.0
f5 enterprise_manager 3.1.1
f5 big-ip_webaccelerator 12.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_global_traffic_manager 12.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_fraud_protection_service 12.0.0
f5 big-ip_application_acceleration_manager 12.0.0
f5 big-ip_analytics *
f5 big-ip_edge_gateway 12.0.0
f5 big-ip_local_traffic_manager 12.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager 12.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_link_controller 12.0.0
f5 big-ip_access_policy_manager 12.0.0
f5 big-ip_domain_name_system 12.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics 12.0.0
CVE-2019-6647 MEDIUM

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 14.1.0
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 14.1.0
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_analytics *
f5 big-ip_webaccelerator 14.1.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_webaccelerator 14.0.0
CVE-2019-6648 LOW

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
redhat openshift -
f5 container_ingress_service 1.9.0
CVE-2019-6649 MEDIUM

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_link_controller 14.1.0
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_webaccelerator *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_analytics *
f5 big-ip_enterprise_manager 3.1.1
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_analytics 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller 15.0.0
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_analytics 15.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_access_policy_manager *
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_analytics 14.1.0
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_link_controller 14.0.0
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_webaccelerator 14.1.0
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_webaccelerator 14.0.0
CVE-2019-6650 MEDIUM

F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_application_security_manager *
CVE-2019-6651 MEDIUM

In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway 15.0.0
f5 big-iq_centralized_management 7.0.0
f5 enterprise_manager 3.1.1
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_analytics *
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
f5 iworkflow 2.3.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics 15.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 15.0.0
CVE-2019-6652 MEDIUM

In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-319,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2019-6653 LOW

There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2019-6654 LOW

On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6655 MEDIUM

On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5.1-11.5.9, BIG-IP platforms where AVR, ASM, APM, PEM, AFM, and/or AAM is provisioned may leak sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
CVE-2019-6656 MEDIUM

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2019-6657 MEDIUM

On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6658 MEDIUM

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2019-6659 MEDIUM

On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6660 MEDIUM

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6661 MEDIUM

When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2019-6662 MEDIUM

On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6663 MEDIUM

The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 iworkflow 2.3.0
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6664 MEDIUM

On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_analytics *
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics 15.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 15.0.0
CVE-2019-6665 HIGH

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
f5 big-ip_application_security_manager *
f5 big-iq_centralized_management 6.0.0
f5 iworkflow 2.3.0
f5 enterprise_manager 3.1.1
CVE-2019-6666 MEDIUM

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6667 MEDIUM

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6668 MEDIUM

The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2019-6669 MEDIUM

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6670 LOW

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6671 MEDIUM

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6672 MEDIUM

On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2019-6673 MEDIUM

On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_fraud_protection_service *
CVE-2019-6674 MEDIUM

On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 ssl_orchestrator *
CVE-2019-6675 HIGH

BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only impacts specific engineering hotfixes using the aforementioned authentication configuration. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
f5 big-ip_analytics 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.0.18.37-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_link_controller 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_application_security_manager *
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_analytics 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.0.32.37-eng_hotfix
f5 big-ip_analytics 14.1.2.0.18.37-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_link_controller 14.1.2.0.18.37-eng_hotfix
f5 big-ip_analytics 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_link_controller 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.0.18.37-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.0.11.37-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.0.32.37-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.0.32.37-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.0.11.37-eng_hotfix
f5 big-ip_advanced_firewall_manager *
f5 big-ip_access_policy_manager 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.0.32.37-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_analytics 14.1.2.0.11.37-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_analytics 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_analytics 14.1.2.0.32.37-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_domain_name_system *
f5 big-ip_link_controller 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.0.18.37-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_application_acceleration_manager *
f5 big-ip_advanced_firewall_manager 14.1.2.0.18.37-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_analytics *
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_link_controller 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_analytics 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_analytics 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.0.18.37-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_link_controller *
f5 big-ip_global_traffic_manager 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.0.32.37-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.0.18.37-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.0.11.37-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_link_controller 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_link_controller 14.1.2.0.32.37-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_local_traffic_manager *
f5 big-ip_application_acceleration_manager 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_link_controller 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.2.0.11.37-eng_hotfix
f5 big-ip_analytics 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_link_controller 14.1.2.0.11.37-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.0.32.37-eng_hotfix
f5 big-ip_link_controller 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.0.11.37-eng_hotfix
f5 big-ip_analytics 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.0.32.37-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_link_controller 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.3.0.99.6-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_analytics 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.0.11.37-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.0.32.37-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.0.11.37-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.0.32.37-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.14.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.0.11.37-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.0.18.37-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 14.1.0.5.0.40.5-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.115.4-eng_hotfix
f5 big-ip_domain_name_system 14.1.2.1.0.99.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_access_policy_manager *
f5 big-ip_fraud_protection_service 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_fraud_protection_service 14.1.2.0.18.37-eng_hotfix
f5 big-ip_analytics 14.1.0.6.0.68.9-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.0.11.37-eng_hotfix
f5 big-ip_link_controller 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_link_controller 14.1.0.3.0.97.6-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.5.0.15.5-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.0.6.0.70.9-eng_hotfix
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.105.4-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.46.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.34.4-eng_hotfix
f5 big-ip_analytics 14.1.2.1.0.122.4-eng_hotfix
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.97.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.3.0.79.6-eng_hotfix
f5 big-ip_application_security_manager 14.1.0.5.0.36.5-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.0.18.37-eng_hotfix
f5 big-ip_link_controller 14.1.2.1.0.111.4-eng_hotfix
f5 big-ip_global_traffic_manager 14.1.0.6.0.14.9-eng_hotfix
f5 big-ip_local_traffic_manager 14.1.0.6.0.11.9-eng_hotfix
f5 big-ip_access_policy_manager 14.1.2.1.0.16.4-eng_hotfix
f5 big-ip_application_acceleration_manager 14.1.0.5.0.36.5-eng_hotfix
CVE-2019-6676 MEDIUM

On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6677 MEDIUM

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM stops processing traffic when processed by an iRule.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2019-6678 MEDIUM

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6679 LOW

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6680 HIGH

On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), hardware appliances may stop responding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2019-6681 HIGH

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
CVE-2019-6682 MEDIUM

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2019-6683 MEDIUM

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6684 MEDIUM

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2019-6685 MEDIUM

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6686 MEDIUM

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of diameter connections and pending messages on a single virtual server has reached 32K.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
CVE-2019-6687 MEDIUM

On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2019-6688 MEDIUM

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP or BIG-IQ system, however the user can not access to the UCS files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2019-6974 MEDIUM

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-416,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_aus 7.4
f5 big-ip_application_security_manager *
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 7.5
debian debian_linux 8.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
canonical ubuntu_linux 12.04
redhat openshift_container_platform 3.11
f5 big-ip_policy_enforcement_manager *
canonical ubuntu_linux 18.10
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_server_tus 7.4
f5 big-ip_analytics *
linux linux_kernel *
f5 big-ip_fraud_protection_service *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_desktop 7.0
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux 7.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_server_eus 7.6
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_server 7.0
CVE-2019-7401 HIGH

NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
nginx unit *
f5 nginx_unit *
CVE-2019-8331 MEDIUM

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
tenable tenable.sc *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
getbootstrap bootstrap *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
redhat virtualization_manager 4.3
CVE-2019-9070 MEDIUM

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
netapp element_software_management *
canonical ubuntu_linux 18.04
gnu binutils 2.32
canonical ubuntu_linux 16.04
f5 traffix_signaling_delivery_controller *
CVE-2019-9075 MEDIUM

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 14.1.0
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_analytics 14.1.0
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_domain_name_system 15.0.0
gnu binutils 2.32
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_policy_webaccelerator 14.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_link_controller 15.0.0
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_analytics 15.0.0
canonical ubuntu_linux 18.04
netapp hci_management_node -
f5 big-ip_application_security_manager 15.0.0
netapp solidfire -
f5 big-ip_application_acceleration_manager 14.1.0
CVE-2019-9077 MEDIUM

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
netapp element_software -
gnu binutils 2.32
f5 traffix_signaling_delivery_controller *
CVE-2019-9511 HIGH

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 30
canonical ubuntu_linux 19.04
redhat openshift_service_mesh 1.0
synology skynas -
opensuse leap 15.0
debian debian_linux 10.0
redhat jboss_enterprise_application_platform 7.2.0
synology diskstation_manager 6.2
redhat software_collections 1.0
redhat quay 3.0.0
synology vs960hd_firmware -
f5 nginx *
oracle enterprise_communications_broker 3.1.0
fedoraproject fedora 29
apple swiftnio *
apache traffic_server *
oracle enterprise_communications_broker 3.2.0
redhat jboss_core_services 1.0
nodejs node.js *
canonical ubuntu_linux 18.04
redhat enterprise_linux 8.0
redhat jboss_enterprise_application_platform 7.3.0
oracle graalvm 19.2.0
mcafee web_gateway *
debian debian_linux 9.0
CVE-2019-9513 HIGH

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,NVD-CWE-Other,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 30
canonical ubuntu_linux 19.04
redhat openshift_service_mesh 1.0
synology skynas -
opensuse leap 15.0
debian debian_linux 10.0
redhat jboss_enterprise_application_platform 7.2.0
synology diskstation_manager 6.2
redhat software_collections 1.0
redhat quay 3.0.0
synology vs960hd_firmware -
f5 nginx *
oracle enterprise_communications_broker 3.1.0
fedoraproject fedora 29
apple swiftnio *
apache traffic_server *
oracle enterprise_communications_broker 3.2.0
redhat jboss_core_services 1.0
nodejs node.js *
canonical ubuntu_linux 18.04
redhat enterprise_linux 8.0
redhat jboss_enterprise_application_platform 7.3.0
oracle graalvm 19.2.0
mcafee web_gateway *
debian debian_linux 9.0
CVE-2019-9514 HIGH

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
redhat single_sign-on 7.3
f5 big-ip_local_traffic_manager *
opensuse leap 15.1
redhat openshift_container_platform 3.10
redhat enterprise_linux_eus 8.1
netapp trident -
redhat enterprise_linux_workstation 7.0
redhat openshift_container_platform 4.2
canonical ubuntu_linux 16.04
fedoraproject fedora 30
canonical ubuntu_linux 19.04
redhat openshift_container_platform 3.11
redhat openshift_service_mesh 1.0
synology skynas -
netapp cloud_insights -
opensuse leap 15.0
debian debian_linux 10.0
redhat developer_tools 1.0
redhat jboss_enterprise_application_platform 7.2.0
synology diskstation_manager 6.2
redhat software_collections 1.0
redhat quay 3.0.0
synology vs960hd_firmware -
fedoraproject fedora 29
redhat openstack 14
apple swiftnio *
apache traffic_server *
redhat jboss_core_services 1.0
nodejs node.js *
canonical ubuntu_linux 18.04
redhat enterprise_linux 8.0
redhat jboss_enterprise_application_platform 7.3.0
oracle graalvm 19.2.0
redhat openshift_container_platform 3.9
redhat openshift_container_platform 4.1
mcafee web_gateway *
redhat enterprise_linux_server 7.0
debian debian_linux 9.0
CVE-2019-9515 HIGH

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
redhat single_sign-on 7.3
f5 big-ip_local_traffic_manager *
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 30
canonical ubuntu_linux 19.04
redhat openshift_service_mesh 1.0
synology skynas -
opensuse leap 15.0
debian debian_linux 10.0
redhat jboss_enterprise_application_platform 7.2.0
synology diskstation_manager 6.2
redhat software_collections 1.0
redhat quay 3.0.0
synology vs960hd_firmware -
fedoraproject fedora 29
redhat openstack 14
apple swiftnio *
apache traffic_server *
redhat jboss_core_services 1.0
nodejs node.js *
canonical ubuntu_linux 18.04
redhat enterprise_linux 8.0
redhat jboss_enterprise_application_platform 7.3.0
oracle graalvm 19.2.0
redhat openshift_container_platform 4.1
mcafee web_gateway *
debian debian_linux 9.0
CVE-2019-9516 MEDIUM

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 30
canonical ubuntu_linux 19.04
redhat openshift_service_mesh 1.0
synology skynas -
opensuse leap 15.0
debian debian_linux 10.0
redhat jboss_enterprise_application_platform 7.2.0
synology diskstation_manager 6.2
redhat software_collections 1.0
redhat quay 3.0.0
synology vs960hd_firmware -
f5 nginx *
fedoraproject fedora 29
apple swiftnio *
apache traffic_server *
redhat jboss_core_services 1.0
nodejs node.js *
canonical ubuntu_linux 18.04
redhat enterprise_linux 8.0
redhat jboss_enterprise_application_platform 7.3.0
oracle graalvm 19.2.0
mcafee web_gateway *
fedoraproject fedora 32
debian debian_linux 9.0
CVE-2020-19692

Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
f5 njs *
nginx njs 2019-06-27
CVE-2020-24346 MEDIUM

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 njs *
CVE-2020-24347 LOW

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
f5 njs *
CVE-2020-24348 LOW

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
f5 njs *
CVE-2020-24349 LOW

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 njs *
CVE-2020-27713 MEDIUM

In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 13.1.3.4
CVE-2020-27714 MEDIUM

On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either Other or All Protocols, the TMM may experience a restart if the profile processes non-TCP traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2020-27715 HIGH

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-27716 HIGH

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-27717 HIGH

On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, undisclosed series of DNS requests may cause TMM to restart and generate a core file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_domain_name_system *
CVE-2020-27718 MEDIUM

When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-27719 MEDIUM

On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-27720 MEDIUM

On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
CVE-2020-27721 MEDIUM

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_global_traffic_manager *
f5 big-ip_domain_name_system *
CVE-2020-27722 LOW

In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-27723 MEDIUM

In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-27724 MEDIUM

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-27725 LOW

In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_global_traffic_manager *
f5 big-ip_domain_name_system *
CVE-2020-27726 MEDIUM

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-27727 MEDIUM

On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-27728 MEDIUM

On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-27729 MEDIUM

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-27730 HIGH

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
netapp cloud_backup -
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5851 LOW

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager 14.1.0.2.0.62.4
f5 big-ip_application_security_manager 14.1.0.2.0.62.4
f5 big-ip_edge_gateway 14.1.0.2.0.45.4
f5 big-ip_analytics 14.1.0.2.0.62.4
f5 big-ip_application_security_manager 14.1.0.2.0.45.4
f5 big-ip_fraud_protection_service 14.1.0.2.0.62.4
f5 big-ip_analytics 14.1.0.2.0.45.4
f5 big-ip_edge_gateway 14.1.0.2.0.62.4
f5 big-ip_fraud_protection_service 14.1.0.2.0.45.4
f5 big-ip_advanced_firewall_manager 14.1.0.2.0.62.4
f5 big-ip_webaccelerator 14.1.0.2.0.62.4
f5 big-ip_webaccelerator 14.1.0.2.0.45.4
f5 big-ip_global_traffic_manager 14.1.0.2.0.62.4
f5 big-ip_link_controller 14.1.0.2.0.62.4
f5 big-ip_global_traffic_manager 14.1.0.2.0.45.4
f5 big-ip_domain_name_system 14.1.0.2.0.45.4
f5 big-ip_access_policy_manager 14.1.0.2.0.45.4
f5 big-ip_application_acceleration_manager 14.1.0.2.0.62.4
f5 big-ip_access_policy_manager 14.1.0.2.0.62.4
f5 big-ip_policy_enforcement_manager 14.1.0.2.0.45.4
f5 big-ip_link_controller 14.1.0.2.0.45.4
f5 big-ip_advanced_firewall_manager 14.1.0.2.0.45.4
f5 big-ip_local_traffic_manager 14.1.0.2.0.45.4
f5 big-ip_domain_name_system 14.1.0.2.0.62.4
f5 big-ip_application_acceleration_manager 14.1.0.2.0.45.4
f5 big-ip_local_traffic_manager 14.1.0.2.0.62.4
CVE-2020-5852 MEDIUM

Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_edge_gateway 11.5.4.2.74.291
f5 big-ip_domain_name_system 12.1.4.1.0.97.6
f5 big-ip_edge_gateway 14.1.2.1.0.83.4
f5 big-ip_application_security_manager 12.1.4.1.0.97.6
f5 big-ip_global_traffic_manager 12.1.4.1.0.97.6
f5 big-ip_application_acceleration_manager 12.1.4.1.0.97.6
f5 big-ip_access_policy_manager 14.1.2.1.0.83.4
f5 big-ip_fraud_protection_service 14.1.2.1.0.83.4
f5 big-ip_webaccelerator 12.1.4.1.0.97.6
f5 big-ip_local_traffic_manager 14.1.2.1.0.83.4
f5 big-ip_local_traffic_manager 11.5.4.2.74.291
f5 big-ip_policy_enforcement_manager 14.1.2.1.0.83.4
f5 big-ip_local_traffic_manager 12.1.4.1.0.97.6
f5 big-ip_advanced_firewall_manager 11.5.4.2.74.291
f5 big-ip_application_security_manager 14.1.2.1.0.83.4
f5 big-ip_domain_name_system 11.5.4.2.74.291
f5 big-ip_application_acceleration_manager 11.5.4.2.74.291
f5 big-ip_advanced_firewall_manager 12.1.4.1.0.97.6
f5 big-ip_analytics 14.1.2.1.0.83.4
f5 big-ip_fraud_protection_service 12.1.4.1.0.97.6
f5 big-ip_link_controller 12.1.4.1.0.97.6
f5 big-ip_access_policy_manager 12.1.4.1.0.97.6
f5 big-ip_link_controller 11.5.4.2.74.291
f5 big-ip_analytics 12.1.4.1.0.97.6
f5 big-ip_application_security_manager 11.5.4.2.74.291
f5 big-ip_policy_enforcement_manager 11.5.4.2.74.291
f5 big-ip_global_traffic_manager 11.5.4.2.74.291
f5 big-ip_application_acceleration_manager 14.1.2.1.0.83.4
f5 big-ip_link_controller 14.1.2.1.0.83.4
f5 big-ip_policy_enforcement_manager 12.1.4.1.0.97.6
f5 big-ip_webaccelerator 11.5.4.2.74.291
f5 big-ip_advanced_firewall_manager 14.1.2.1.0.83.4
f5 big-ip_webaccelerator 14.1.2.1.0.83.4
f5 big-ip_edge_gateway 12.1.4.1.0.97.6
f5 big-ip_global_traffic_manager 14.1.2.1.0.83.4
f5 big-ip_analytics 11.5.4.2.74.291
f5 big-ip_fraud_protection_service 11.5.4.2.74.291
f5 big-ip_domain_name_system 14.1.2.1.0.83.4
f5 big-ip_access_policy_manager 11.5.4.2.74.291
CVE-2020-5853 LOW

In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-5854 MEDIUM

On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 iworkflow 2.3.0
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 enterprise_manager 3.1.1
f5 traffix_signaling_delivery_controller *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5855 MEDIUM

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2020-5856 MEDIUM

On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5857 MEDIUM

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5858 MEDIUM

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5859 MEDIUM

On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5860 MEDIUM

On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-319,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5861 MEDIUM

On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5862 MEDIUM

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5863 HIGH

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp cloud_backup -
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5864 MEDIUM

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5865 MEDIUM

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
netapp cloud_backup -
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5866 LOW

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5867 MEDIUM

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-494,

Products Affected

Vendor Product Version
netapp cloud_backup -
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5868 HIGH

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
f5 big-iq_centralized_management 7.0.0
CVE-2020-5869 MEDIUM

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-924,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2020-5870 MEDIUM

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2020-5871 MEDIUM

On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5872 MEDIUM

On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.4.1, when processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover event.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5873 MEDIUM

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5874 MEDIUM

On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-5875 MEDIUM

On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5876 MEDIUM

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-362,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5877 MEDIUM

On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5878 MEDIUM

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5879 MEDIUM

On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2020-5880 MEDIUM

Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5881 MEDIUM

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5882 MEDIUM

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5883 MEDIUM

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_fraud_protection_service *
CVE-2020-5884 MEDIUM

On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5885 MEDIUM

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-326,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5886 MEDIUM

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-326,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5887 MEDIUM

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5888 LOW

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5889 LOW

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-5890 LOW

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5891 MEDIUM

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_fraud_protection_service *
CVE-2020-5892 MEDIUM

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
f5 big-ip_edge_gateway *
CVE-2020-5893 MEDIUM

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2020-5894 MEDIUM

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2020-5895 MEDIUM

On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2020-5896 MEDIUM

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2020-5897 MEDIUM

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2020-5898 MEDIUM

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2020-5899 MEDIUM

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-319,CWE-522,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2020-5900 MEDIUM

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5901 HIGH

In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2020-5902 HIGH

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5903 MEDIUM

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5904 MEDIUM

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5905 MEDIUM

In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L 0.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5906 MEDIUM

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5907 MEDIUM

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5908 LOW

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-5909 MEDIUM

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5910 MEDIUM

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5911 HIGH

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 nginx_controller 1.0.1
f5 nginx_controller *
CVE-2020-5912 LOW

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5913 MEDIUM

In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5914 MEDIUM

In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed server cookie scenario may cause BD to restart under some circumstances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2020-5915 MEDIUM

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5916 MEDIUM

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5917 MEDIUM

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5918 MEDIUM

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5919 MEDIUM

In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel (TMM) to stop responding.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-5920 MEDIUM

In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2020-5921 MEDIUM

in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, Syn flood causes large number of MCPD context messages destined to secondary blades consuming memory leading to MCPD failure. This issue affects only VIPRION hosts with two or more blades installed. Single-blade VIPRION hosts are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5922 HIGH

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5923 MEDIUM

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-iq_centralized_management 5.4.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5924 MEDIUM

In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-5925 MEDIUM

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5926 MEDIUM

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5927 MEDIUM

In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2020-5928 LOW

In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L 0.6 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2020-5929 LOW

In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_security_manager 13.0.0
f5 ssl_orchestrator 12.1.2
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_analytics 13.0.0
f5 big-ip_link_controller 13.0.0
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_ddos_hybrid_defender 11.6.2
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_advanced_web_application_firewall 13.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_ddos_hybrid_defender 12.1.2
f5 big-ip_analytics 11.6.2
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 13.0.0
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_analytics 12.1.2
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_policy_enforcement_manager 13.0.0
f5 big-ip_link_controller 12.1.2
f5 big-ip_link_controller *
f5 big-ip_global_traffic_manager 13.0.0
f5 ssl_orchestrator 13.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_domain_name_system 13.0.0
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_ddos_hybrid_defender 13.0.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.0.0
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_advanced_web_application_firewall 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_link_controller 11.6.2
f5 big-ip_advanced_firewall_manager 13.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_access_policy_manager 13.0.0
f5 big-ip_advanced_web_application_firewall 11.6.2
f5 ssl_orchestrator 11.6.2
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_local_traffic_manager 13.0.0
CVE-2020-5930 MEDIUM

In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-iq_centralized_management 5.4.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5931 MEDIUM

On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5932 LOW

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2020-5933 HIGH

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5934 LOW

On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2020-5935 MEDIUM

On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5936 MEDIUM

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
CVE-2020-5937 HIGH

On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2020-5938 MEDIUM

On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5939 MEDIUM

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV) enabled on vSphere, may fail and leave the Traffic Management Microkernel (TMM) in a state where it cannot transmit traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5940 LOW

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
CVE-2020-5941 MEDIUM

On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs when data exceeding the maximum limit of a hostname passes to the RESOLV::lookup command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5942 MEDIUM

In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic Management Microkernel (TMM) may generate a core file and restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
CVE-2020-5943 MEDIUM

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5944 MEDIUM

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944 will continue to be referenced in F5 Security Advisory K57274211 and will not be assigned to other F5 vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2020-5945 HIGH

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate to full admin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2020-5946 MEDIUM

In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5947 MEDIUM

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5948 MEDIUM

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 16.0.0
f5 big-ip_application_acceleration_manager 16.0.0
f5 big-ip_domain_name_system 16.0.0
f5 big-ip_advanced_firewall_manager 16.0.0
f5 big-ip_fraud_protection_service 16.0.0
f5 big-ip_global_traffic_manager 16.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_analytics 16.0.0
f5 big-ip_local_traffic_manager 16.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_access_policy_manager 16.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_link_controller 16.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 16.0.0
f5 big-ip_analytics *
CVE-2020-5949 MEDIUM

On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2020-5950 MEDIUM

On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2021-22973 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-22974 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22975 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22976 MEDIUM

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22977 MEDIUM

On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22978 MEDIUM

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22979 MEDIUM

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22980 MEDIUM

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 access_policy_manager_clients *
CVE-2021-22981 MEDIUM

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22982 MEDIUM

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
f5 big-ip_global_traffic_manager *
f5 big-ip_domain_name_system *
CVE-2021-22983 LOW

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2021-22984 MEDIUM

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22985 HIGH

On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory. A malicious, authenticated VPN user may abuse this to perform a DoS attack against the APM. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2021-22986 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22987 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22988 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22989 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22990 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22991 MEDIUM

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22992 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22993 MEDIUM

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22994 MEDIUM

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22995 MEDIUM

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2021-22996 MEDIUM

On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2021-22997 MEDIUM

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2021-22998 MEDIUM

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-22999 MEDIUM

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23000 MEDIUM

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_web_application_firewall 12.1.5.2
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_global_traffic_manager 12.1.5.2
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_ddos_hybrid_defender 12.1.5.2
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_access_policy_manager 12.1.5.2
f5 big-ip_local_traffic_manager 12.1.5.2
f5 big-ip_application_security_manager 12.1.5.2
f5 big-ip_domain_name_system 12.1.5.2
f5 big-ip_link_controller 12.1.5.2
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_fraud_protection_service 12.1.5.2
f5 big-ip_advanced_firewall_manager 12.1.5.2
f5 big-ip_policy_enforcement_manager 12.1.5.2
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics 12.1.5.2
f5 big-ip_application_acceleration_manager 12.1.5.2
f5 ssl_orchestrator 12.1.5.2
f5 big-ip_global_traffic_manager *
CVE-2021-23001 MEDIUM

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23002 LOW

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 access_policy_manager_clients *
CVE-2021-23003 MEDIUM

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23004 MEDIUM

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 ssl_orchestrator *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23005 MEDIUM

On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2021-23006 MEDIUM

On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2021-23007 MEDIUM

On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_analytics 14.1.4
f5 big-ip_edge_gateway 14.1.4
f5 big-ip_webaccelerator 14.1.4
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_advanced_firewall_manager 16.0.1.1
f5 big-ip_ssl_orchestrator 16.0.1.1
f5 big-ip_global_traffic_manager 16.0.1.1
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 16.0.1.1
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_advanced_web_application_firewall 16.0.1.1
f5 big-ip_ddos_hybrid_defender 14.1.4
f5 big-ip_policy_enforcement_manager 16.0.1.1
f5 big-ip_edge_gateway 16.0.1.1
f5 big-ip_link_controller 14.1.4
f5 big-ip_fraud_protection_service 16.0.1.1
f5 big-ip_application_security_manager 16.0.1.1
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_advanced_web_application_firewall 14.1.4
f5 big-ip_link_controller 16.0.1.1
f5 big-ip_ddos_hybrid_defender 16.0.1.1
f5 big-ip_analytics 16.0.1.1
f5 big-ip_ssl_orchestrator 14.1.4
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.0.1.1
f5 big-ip_webaccelerator 16.0.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 16.0.1.1
f5 big-ip_domain_name_system 16.0.1.1
CVE-2021-23008 HIGH

On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2021-23009 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23010 MEDIUM

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ASM bd process may produce a core file. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2021-23011 MEDIUM

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23012 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23013 MEDIUM

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23014 MEDIUM

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23015 MEDIUM

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23016 MEDIUM

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2021-23017 MEDIUM

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L 2.2 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,CWE-193,

Products Affected

Vendor Product Version
oracle enterprise_session_border_controller 9.0
oracle enterprise_communications_broker 3.3.0
oracle enterprise_telephony_fraud_monitor 3.4
fedoraproject fedora 34
oracle communications_control_plane_monitor 3.4
oracle communications_control_plane_monitor 4.3
netapp ontap_select_deploy_administration_utility -
oracle communications_operations_monitor 4.3
oracle communications_session_border_controller 8.4
oracle communications_operations_monitor 4.4
oracle communications_operations_monitor 4.2
fedoraproject fedora 33
oracle enterprise_telephony_fraud_monitor 4.3
oracle communications_operations_monitor 3.4
oracle enterprise_telephony_fraud_monitor 4.2
oracle blockchain_platform *
f5 nginx *
oracle enterprise_telephony_fraud_monitor 4.4
oracle goldengate *
oracle communications_fraud_monitor *
oracle communications_session_border_controller 9.0
oracle communications_control_plane_monitor 4.2
oracle enterprise_session_border_controller 8.4
oracle communications_control_plane_monitor 4.4
openresty openresty *
CVE-2021-23018 MEDIUM

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2021-23019 MEDIUM

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-201,CWE-522,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2021-23020 LOW

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2021-23021 LOW

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
f5 nginx_controller *
CVE-2021-23022 HIGH

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2021-23023 MEDIUM

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2021-23024 HIGH

On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2021-23025 MEDIUM

On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23026 MEDIUM

BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23027 MEDIUM

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23028 MEDIUM

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 16.0.1
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 16.0.1
CVE-2021-23029 MEDIUM

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23030 MEDIUM

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23031 MEDIUM

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23032 MEDIUM

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a BIG-IP DNS system is configured with non-default Wide IP and pool settings, undisclosed DNS responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_domain_name_system *
CVE-2021-23033 MEDIUM

On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23034 HIGH

On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-668,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-23035 HIGH

On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-23036 MEDIUM

On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_datasafe *
CVE-2021-23037 MEDIUM

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-23038 LOW

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-23039 HIGH

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-23040 MEDIUM

On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This issue is exposed only when BIG-IP AFM is provisioned. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2021-23041 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23042 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23043 MEDIUM

On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-23044 MEDIUM

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2021-23045 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23046 LOW

On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_guided_configuration *
CVE-2021-23047 MEDIUM

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2021-23048 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23049 MEDIUM

On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23050 MEDIUM

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
f5 nginx_app_protect *
CVE-2021-23051 MEDIUM

On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23052 MEDIUM

On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2021-23053 MEDIUM

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2021-23054 MEDIUM

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2021-23055 MEDIUM

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,NVD-CWE-Other,

Products Affected

Vendor Product Version
f5 nginx_ingress_controller *
CVE-2021-3618 MEDIUM

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 34
vsftpd_project vsftpd *
sendmail sendmail *
f5 nginx *
fedoraproject fedora 35
debian debian_linux 10.0
CVE-2021-40438 MEDIUM

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8
redhat enterprise_linux_eus 8.1
oracle instantis_enterprisetrack 17.1
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_server_tus 7.6
netapp clustered_data_ontap -
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_for_arm_64_eus 8.8
oracle http_server 12.2.1.3.0
siemens sinec_nms *
debian debian_linux 10.0
siemens sinema_server 14.0
f5 f5os *
redhat enterprise_linux_server_tus 8.6
redhat software_collections 1.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.6
fedoraproject fedora 35
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.6
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_update_services_for_sap_solutions 8.8
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_for_ibm_z_systems_eus 8.8
redhat enterprise_linux 8.0
redhat enterprise_linux_for_power_little_endian 8.0
oracle zfs_storage_appliance_kit 8.8
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
redhat enterprise_linux_server_aus 7.4
fedoraproject fedora 34
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 8.2
siemens sinema_remote_connect_server 3.2
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_power_little_endian_eus 8.8
oracle http_server 12.2.1.4.0
tenable tenable.sc *
redhat enterprise_linux_for_arm_64_eus 8.6
oracle secure_global_desktop 5.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
oracle instantis_enterprisetrack 17.3
resf rocky_linux 8.0
siemens ruggedcom_nms *
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 8.2
oracle enterprise_manager_ops_center 12.4.0.0
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_eus 8.4
debian debian_linux 11.0
netapp storagegrid -
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_arm_64 8.0
netapp cloud_backup -
redhat enterprise_linux_eus 8.6
apache http_server *
redhat enterprise_linux_server_aus 7.6
broadcom brocade_fabric_operating_system_firmware -
redhat enterprise_linux_for_power_little_endian 7.0
redhat jboss_core_services 1.0
oracle instantis_enterprisetrack 17.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.7
siemens sinema_remote_connect_server *
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.2
CVE-2021-42717 MEDIUM

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 11.0
trustwave modsecurity *
f5 nginx_modsecurity_waf r25
oracle http_server 12.2.1.3.0
f5 nginx_modsecurity_waf r24
debian debian_linux 10.0
debian debian_linux 9.0
oracle http_server 12.2.1.4.0
CVE-2021-46462 MEDIUM

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 njs *
CVE-2021-46463 HIGH

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-843,

Products Affected

Vendor Product Version
f5 njs *
CVE-2022-1388 HIGH

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-1389 MEDIUM

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-1468 MEDIUM

On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-23008 MEDIUM

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-79,

Products Affected

Vendor Product Version
f5 nginx_controller_api_management *
CVE-2022-23009 HIGH

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
f5 big-iq_centralized_management 8.0.0
CVE-2022-23010 HIGH

On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-404,CWE-404,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23011 MEDIUM

On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-682,CWE-682,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23012 HIGH

On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,CWE-415,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23013 MEDIUM

On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_global_traffic_manager *
f5 big-ip_domain_name_system *
CVE-2022-23014 MEDIUM

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2022-23015 HIGH

On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23016 HIGH

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23017 HIGH

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23018 HIGH

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2022-23019 HIGH

On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23020 HIGH

On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23021 HIGH

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23022 HIGH

On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-23023 MEDIUM

On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-23024 MEDIUM

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2022-23025 MEDIUM

On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-23026 MEDIUM

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
f5 big-ip_application_acceleration_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-23027 MEDIUM

On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-697,CWE-697,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-23028 MEDIUM

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-682,CWE-682,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2022-23029 MEDIUM

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,CWE-367,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-23030 MEDIUM

On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-23031 MEDIUM

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-23032 MEDIUM

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,CWE-346,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
CVE-2022-25139 HIGH

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 njs *
CVE-2022-25946 MEDIUM

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-354,

Products Affected

Vendor Product Version
f5 big-ip_advanced_web_application_firewall 15.1.1
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 15.1.4
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_advanced_web_application_firewall 13.1.5
f5 big-ip_advanced_web_application_firewall 15.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_advanced_web_application_firewall 16.1.0
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_advanced_web_application_firewall 16.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 13.1.0
f5 big-ip_advanced_web_application_firewall 14.1.2
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_web_application_firewall 14.1.4
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_advanced_web_application_firewall 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_advanced_web_application_firewall 15.1.5
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_advanced_web_application_firewall 14.1.0
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_advanced_web_application_firewall 16.1.1
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_advanced_web_application_firewall 13.1.4
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_advanced_web_application_firewall 15.1.0
f5 big-ip_advanced_web_application_firewall 15.1.2
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_advanced_web_application_firewall 13.1.3
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_advanced_web_application_firewall 13.1.1
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_guided_configuration *
CVE-2022-25990 MEDIUM

On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 f5os-a 1.0.0
CVE-2022-26071 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
f5sirt@f5.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-26130 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_link_controller 15.1.1
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.3
CVE-2022-26340 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-iq_centralized_management *
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-26370 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_link_controller 15.1.1
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_link_controller 14.1.3
CVE-2022-26372 MEDIUM

On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-26415 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-26517 MEDIUM

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-682,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_link_controller 15.1.1
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.3
CVE-2022-26835 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-26890 MEDIUM

On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the "Use APM Username and Session ID" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-670,

Products Affected

Vendor Product Version
f5 big-ip_advanced_web_application_firewall 15.1.1
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 15.1.4
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_advanced_web_application_firewall 13.1.5
f5 big-ip_advanced_web_application_firewall 15.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_advanced_web_application_firewall 16.1.0
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_advanced_web_application_firewall 16.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 13.1.0
f5 big-ip_advanced_web_application_firewall 14.1.2
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_web_application_firewall 14.1.4
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_advanced_web_application_firewall 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_advanced_web_application_firewall 15.1.5
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_advanced_web_application_firewall 14.1.0
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_advanced_web_application_firewall 16.1.1
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_advanced_web_application_firewall 13.1.4
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_advanced_web_application_firewall 15.1.0
f5 big-ip_advanced_web_application_firewall 15.1.2
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_advanced_web_application_firewall 13.1.3
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_advanced_web_application_firewall 13.1.1
f5 big-ip_application_security_manager 13.1.3
CVE-2022-27007 HIGH

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2022-27008 MEDIUM

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2022-27181 MEDIUM

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 16.1.2
CVE-2022-27182 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_link_controller 15.1.1
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_link_controller 14.1.3
CVE-2022-27189 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-681,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-27230 MEDIUM

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_guided_configuration *
CVE-2022-27495 LOW

On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
f5 nginx_service_mesh 1.3.0
f5 nginx_service_mesh 1.3.1
CVE-2022-27634 MEDIUM

On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2022-27636 LOW

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_access_policy_manager_client *
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.2
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
CVE-2022-27659 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_link_controller 15.1.1
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_link_controller 14.1.3
CVE-2022-27662 LOW

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
f5sirt@f5.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-1336,

Products Affected

Vendor Product Version
f5 traffix_signaling_delivery_controller 5.2.0
f5 traffix_signaling_delivery_controller 5.1.0
CVE-2022-27806 MEDIUM

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
f5 big-ip_advanced_web_application_firewall 15.1.1
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 15.1.4
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_advanced_web_application_firewall 13.1.5
f5 big-ip_advanced_web_application_firewall 15.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_advanced_web_application_firewall 16.1.0
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_advanced_web_application_firewall 16.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 13.1.0
f5 big-ip_advanced_web_application_firewall 14.1.2
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_web_application_firewall 14.1.4
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_advanced_web_application_firewall 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_advanced_web_application_firewall 15.1.5
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_advanced_web_application_firewall 14.1.0
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_advanced_web_application_firewall 16.1.1
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_advanced_web_application_firewall 13.1.4
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_advanced_web_application_firewall 15.1.0
f5 big-ip_advanced_web_application_firewall 15.1.2
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_advanced_web_application_firewall 13.1.3
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_advanced_web_application_firewall 13.1.1
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_guided_configuration *
CVE-2022-27875 MEDIUM

On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
f5sirt@f5.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
f5 access_for_android *
CVE-2022-27878 MEDIUM

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_guided_configuration 6.0
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_guided_configuration 7.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_link_controller 15.1.1
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_guided_configuration 8.0
CVE-2022-27880 LOW

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 traffix_signaling_delivery_controller 5.2.0
f5 traffix_signaling_delivery_controller 5.1.0
CVE-2022-28049 MEDIUM

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2022-28691 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_link_controller 15.1.1
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.3
CVE-2022-28695 MEDIUM

On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
CVE-2022-28701 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_link_controller 16.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_link_controller 16.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_analytics 16.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.1
CVE-2022-28705 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_link_controller 15.1.1
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.3
CVE-2022-28706 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 16.1.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_analytics 15.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_link_controller 15.1.1
f5 big-ip_analytics 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_domain_name_system 15.1.5
CVE-2022-28707 LOW

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_analytics 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_link_controller 15.1.1
f5 big-ip_analytics 15.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_link_controller 14.1.3
CVE-2022-28708 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 16.1.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_analytics 15.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_link_controller 15.1.1
f5 big-ip_analytics 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_domain_name_system 15.1.5
CVE-2022-28714 MEDIUM

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_access_policy_manager_client 7.1.5
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_access_policy_manager_client 7.1.8
f5 big-ip_access_policy_manager_client 7.1.9
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_access_policy_manager_client 7.1.7
f5 big-ip_access_policy_manager_client 7.1.8.2
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_access_policy_manager_client 7.1.6.1
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager_client 7.2.1
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_access_policy_manager_client 7.1.6
CVE-2022-28716 MEDIUM

On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
CVE-2022-28859 MEDIUM

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_analytics 16.1.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_link_controller 15.1.1
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_link_controller 14.1.3
CVE-2022-29263 MEDIUM

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_access_policy_manager 12.1.0
f5 access_policy_manager_clients 7.1.9.8
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 access_policy_manager_clients 7.1.8.5
f5 access_policy_manager_clients 7.2.1.1
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_access_policy_manager 16.1.1
f5 access_policy_manager_clients 7.1.9
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_access_policy_manager 13.1.5
f5 access_policy_manager_clients 7.1.9.7
f5 big-ip_access_policy_manager 16.1.0
f5 access_policy_manager_clients 7.2.1
f5 big-ip_access_policy_manager 16.1.2
f5 access_policy_manager_clients 7.1.8
CVE-2022-29369 MEDIUM

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2022-29379 HIGH

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
f5 njs 0.7.3
CVE-2022-29473 MEDIUM

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_link_controller 14.1.0
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_link_controller 16.1.0
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_analytics 15.1.5
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_link_controller 16.1.1
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_link_controller 15.1.1
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.3
CVE-2022-29474 MEDIUM

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-29479 MEDIUM

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-iq_centralized_management 8.0.0
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-iq_centralized_management 7.0.0
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-iq_centralized_management 7.1.0
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-iq_centralized_management 8.2.0
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-iq_centralized_management 8.1.0
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-29480 MEDIUM

On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
f5 big-ip_link_controller 15.1.4
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_firewall_manager 12.1.4
f5 big-ip_analytics 11.6.5
f5 big-ip_application_acceleration_manager 11.6.2
f5 big-ip_application_acceleration_manager 14.1.3
f5 big-ip_global_traffic_manager 15.1.4
f5 big-ip_analytics 14.1.4
f5 big-ip_link_controller 15.1.0
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_global_traffic_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.1
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_analytics 13.1.4
f5 big-ip_analytics 16.1.1
f5 big-ip_application_acceleration_manager 13.1.3
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.3
f5 big-ip_policy_enforcement_manager 13.1.4
f5 big-ip_advanced_firewall_manager 11.6.4
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_fraud_protection_service 14.1.4
f5 big-ip_domain_name_system 14.1.2
f5 big-ip_advanced_firewall_manager 12.1.3
f5 big-ip_fraud_protection_service 15.1.2
f5 big-ip_domain_name_system 12.1.5
f5 big-ip_application_acceleration_manager 12.1.0
f5 big-ip_domain_name_system 16.1.0
f5 big-ip_advanced_firewall_manager 15.1.1
f5 big-ip_domain_name_system 13.1.3
f5 big-ip_fraud_protection_service 14.1.2
f5 big-ip_link_controller 11.6.4
f5 big-ip_global_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_global_traffic_manager 12.1.3
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_fraud_protection_service 11.6.5
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_domain_name_system 12.1.2
f5 big-ip_analytics 12.1.4
f5 big-ip_domain_name_system 12.1.4
f5 big-ip_application_acceleration_manager 11.6.3
f5 big-ip_application_acceleration_manager 12.1.3
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_link_controller 13.1.4
f5 big-ip_application_acceleration_manager 16.1.0
f5 big-ip_policy_enforcement_manager 12.1.6
f5 big-ip_policy_enforcement_manager 11.6.5
f5 big-ip_analytics 11.6.3
f5 big-ip_global_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_policy_enforcement_manager 13.1.3
f5 big-ip_policy_enforcement_manager 16.1.0
f5 big-ip_analytics 14.1.2
f5 big-ip_global_traffic_manager 12.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_advanced_firewall_manager 11.6.3
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_application_acceleration_manager 12.1.5
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_fraud_protection_service 15.1.4
f5 big-ip_application_acceleration_manager 11.6.1
f5 big-ip_global_traffic_manager 15.1.3
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_analytics 11.6.1
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_domain_name_system 12.1.3
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_advanced_firewall_manager 15.1.2
f5 big-ip_domain_name_system 12.1.6
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_link_controller 14.1.2
f5 big-ip_global_traffic_manager 15.1.5
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_fraud_protection_service 13.1.0
f5 big-ip_global_traffic_manager 12.1.2
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_firewall_manager 14.1.3
f5 big-ip_analytics 12.1.0
f5 big-ip_policy_enforcement_manager 12.1.2
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 13.1.1
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_domain_name_system 11.6.3
f5 big-ip_link_controller 12.1.6
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_firewall_manager 12.1.1
f5 big-ip_application_acceleration_manager 14.1.4
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_link_controller 14.1.0
f5 big-ip_application_acceleration_manager 12.1.2
f5 big-ip_advanced_firewall_manager 12.1.6
f5 big-ip_domain_name_system 15.1.3
f5 big-ip_link_controller 11.6.1
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.4
f5 big-ip_application_acceleration_manager 14.1.2
f5 big-ip_link_controller 12.1.0
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_application_acceleration_manager 15.1.5
f5 big-ip_global_traffic_manager 16.1.0
f5 big-ip_global_traffic_manager 14.1.3
f5 big-ip_analytics 12.1.3
f5 big-ip_link_controller 11.6.3
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_fraud_protection_service 13.1.4
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_domain_name_system 13.1.0
f5 big-ip_global_traffic_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_link_controller 11.6.5
f5 big-ip_domain_name_system 14.1.4
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_policy_enforcement_manager 11.6.2
f5 big-ip_link_controller 16.1.0
f5 big-ip_fraud_protection_service 12.1.6
f5 big-ip_advanced_firewall_manager 12.1.5
f5 big-ip_analytics 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_link_controller 13.1.0
f5 big-ip_application_acceleration_manager 16.1.1
f5 big-ip_global_traffic_manager 11.6.4
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_analytics 11.6.2
f5 big-ip_advanced_firewall_manager 13.1.4
f5 big-ip_application_acceleration_manager 13.1.4
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_domain_name_system 15.1.4
f5 big-ip_application_acceleration_manager 13.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_link_controller 13.1.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_fraud_protection_service 13.1.3
f5 big-ip_advanced_firewall_manager 14.1.2
f5 big-ip_policy_enforcement_manager 14.1.4
f5 big-ip_fraud_protection_service 15.1.1
f5 big-ip_policy_enforcement_manager 13.1.1
f5 big-ip_domain_name_system 11.6.4
f5 big-ip_fraud_protection_service 15.1.5
f5 big-ip_analytics 15.1.2
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 14.1.4
f5 big-ip_advanced_firewall_manager 16.1.1
f5 big-ip_domain_name_system 13.1.5
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_fraud_protection_service 12.1.2
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_global_traffic_manager 16.1.1
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_global_traffic_manager 12.1.1
f5 big-ip_global_traffic_manager 13.1.4
f5 big-ip_domain_name_system 16.1.1
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager 15.1.4
f5 big-ip_fraud_protection_service 11.6.1
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_analytics 13.1.3
f5 big-ip_domain_name_system 15.1.5
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_advanced_firewall_manager 11.6.2
f5 big-ip_application_security_manager 13.1.3
f5 big-ip_advanced_firewall_manager 12.1.0
f5 big-ip_link_controller 14.1.3
f5 big-ip_global_traffic_manager 14.1.2
f5 big-ip_domain_name_system 15.1.1
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_policy_enforcement_manager 15.1.5
f5 big-ip_link_controller 12.1.5
f5 big-ip_application_acceleration_manager 15.1.4
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_policy_enforcement_manager 13.1.0
f5 big-ip_link_controller 13.1.3
f5 big-ip_global_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_link_controller 12.1.3
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_policy_enforcement_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_fraud_protection_service 12.1.1
f5 big-ip_link_controller 15.1.5
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_analytics 15.1.3
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_fraud_protection_service 14.1.3
f5 big-ip_global_traffic_manager 12.1.6
f5 big-ip_analytics 15.1.5
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_acceleration_manager 15.1.3
f5 big-ip_link_controller 12.1.4
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_fraud_protection_service 11.6.4
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_analytics 16.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_advanced_firewall_manager 11.6.1
f5 big-ip_domain_name_system 11.6.2
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_domain_name_system 15.1.2
f5 big-ip_analytics 12.1.2
f5 big-ip_domain_name_system 11.6.1
f5 big-ip_advanced_firewall_manager 13.1.3
f5 big-ip_domain_name_system 12.1.1
f5 big-ip_global_traffic_manager 12.1.0
f5 big-ip_fraud_protection_service 12.1.5
f5 big-ip_policy_enforcement_manager 15.1.1
f5 big-ip_analytics 14.1.0
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_global_traffic_manager 11.6.5
f5 big-ip_domain_name_system 14.1.3
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_analytics 13.1.0
f5 big-ip_link_controller 16.1.2
f5 big-ip_global_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_policy_enforcement_manager 12.1.5
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_application_acceleration_manager 15.1.2
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_application_acceleration_manager 12.1.1
f5 big-ip_fraud_protection_service 12.1.4
f5 big-ip_fraud_protection_service 16.1.0
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_fraud_protection_service 12.1.3
f5 big-ip_link_controller 16.1.1
f5 big-ip_policy_enforcement_manager 12.1.0
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_link_controller 11.6.2
f5 big-ip_domain_name_system 11.6.5
f5 big-ip_analytics 12.1.1
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_global_traffic_manager 12.1.4
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 15.1.4
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_policy_enforcement_manager 11.6.1
f5 big-ip_analytics 15.1.0
f5 big-ip_application_acceleration_manager 13.1.1
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_fraud_protection_service 13.1.1
f5 big-ip_domain_name_system 13.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_advanced_firewall_manager 14.1.0
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_firewall_manager 13.1.0
f5 big-ip_analytics 13.1.1
f5 big-ip_analytics 15.1.1
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_link_controller 15.1.3
f5 big-ip_policy_enforcement_manager 15.1.2
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_global_traffic_manager 11.6.3
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_link_controller 15.1.2
f5 big-ip_application_acceleration_manager 12.1.6
f5 big-ip_domain_name_system 13.1.4
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_policy_enforcement_manager 15.1.4
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_global_traffic_manager 13.1.3
f5 big-ip_advanced_firewall_manager 16.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_application_acceleration_manager 11.6.5
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_analytics 12.1.5
f5 big-ip_policy_enforcement_manager 11.6.4
f5 big-ip_global_traffic_manager 13.1.5
f5 big-ip_analytics 11.6.4
f5 big-ip_domain_name_system 12.1.0
f5 big-ip_fraud_protection_service 16.1.1
f5 big-ip_link_controller 12.1.1
f5 big-ip_advanced_firewall_manager 12.1.2
f5 big-ip_policy_enforcement_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.3
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_policy_enforcement_manager 16.1.1
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_analytics 17.0.0
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_link_controller 12.1.2
f5 big-ip_global_traffic_manager 13.1.1
f5 big-ip_advanced_firewall_manager 15.1.3
f5 big-ip_application_acceleration_manager 11.6.4
f5 big-ip_link_controller 15.1.1
f5 big-ip_policy_enforcement_manager 12.1.1
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 12.1.4
f5 big-ip_fraud_protection_service 11.6.2
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_fraud_protection_service 12.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_fraud_protection_service 15.1.3
f5 big-ip_policy_enforcement_manager 12.1.3
f5 big-ip_advanced_firewall_manager 15.1.5
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_policy_enforcement_manager 14.1.2
f5 big-ip_advanced_firewall_manager 11.6.5
f5 big-ip_policy_enforcement_manager 14.1.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_analytics 12.1.6
CVE-2022-29491 MEDIUM

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
f5 big-ip_advanced_web_application_firewall 11.6.4
f5 big-ip_advanced_web_application_firewall 11.6.5
f5 big-ip_access_policy_manager 11.6.2
f5 big-ip_application_security_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 15.1.4
f5 big-ip_access_policy_manager 12.1.0
f5 big-ip_access_policy_manager 15.1.4
f5 big-ip_advanced_web_application_firewall 13.1.5
f5 big-ip_local_traffic_manager 11.6.4
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_advanced_web_application_firewall 16.1.0
f5 big-ip_access_policy_manager 15.1.5
f5 big-ip_application_security_manager 12.1.0
f5 big-ip_application_security_manager 12.1.4
f5 big-ip_local_traffic_manager 13.1.3
f5 big-ip_access_policy_manager 13.1.3
f5 big-ip_access_policy_manager 14.1.4
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_access_policy_manager 11.6.3
f5 big-ip_application_security_manager 11.6.4
f5 big-ip_local_traffic_manager 16.1.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_advanced_web_application_firewall 16.1.2
f5 big-ip_local_traffic_manager 15.1.5
f5 big-ip_local_traffic_manager 12.1.1
f5 big-ip_advanced_web_application_firewall 13.1.0
f5 big-ip_access_policy_manager 11.6.4
f5 big-ip_advanced_web_application_firewall 12.1.1
f5 big-ip_access_policy_manager 11.6.1
f5 big-ip_application_security_manager 11.6.2
f5 big-ip_access_policy_manager 14.1.3
f5 big-ip_advanced_web_application_firewall 14.1.4
f5 big-ip_access_policy_manager 15.1.3
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.4
f5 big-ip_local_traffic_manager 12.1.0
f5 big-ip_application_security_manager 13.1.4
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_application_security_manager 13.1.1
f5 big-ip_access_policy_manager 12.1.4
f5 big-ip_advanced_web_application_firewall 12.1.0
f5 big-ip_application_security_manager 12.1.6
f5 big-ip_access_policy_manager 15.1.1
f5 big-ip_application_security_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.4
f5 big-ip_local_traffic_manager 15.1.2
f5 big-ip_advanced_web_application_firewall 12.1.4
f5 big-ip_local_traffic_manager 16.1.1
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_application_security_manager 11.6.5
f5 big-ip_application_security_manager 14.1.3
f5 big-ip_local_traffic_manager 14.1.2
f5 big-ip_local_traffic_manager 14.1.3
f5 big-ip_application_security_manager 15.1.3
f5 big-ip_application_security_manager 15.1.5
f5 big-ip_access_policy_manager 11.6.5
f5 big-ip_local_traffic_manager 12.1.5
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_access_policy_manager 12.1.2
f5 big-ip_advanced_web_application_firewall 13.1.4
f5 big-ip_local_traffic_manager 15.1.1
f5 big-ip_access_policy_manager 12.1.3
f5 big-ip_advanced_web_application_firewall 15.1.0
f5 big-ip_advanced_web_application_firewall 12.1.2
f5 big-ip_access_policy_manager 16.1.1
f5 big-ip_advanced_web_application_firewall 17.0.0
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_access_policy_manager 16.1.0
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 12.1.4
f5 big-ip_advanced_web_application_firewall 11.6.1
f5 big-ip_advanced_web_application_firewall 15.1.1
f5 big-ip_local_traffic_manager 11.6.1
f5 big-ip_advanced_web_application_firewall 15.1.3
f5 big-ip_local_traffic_manager 11.6.2
f5 big-ip_local_traffic_manager 14.1.4
f5 big-ip_access_policy_manager 12.1.5
f5 big-ip_advanced_web_application_firewall 12.1.6
f5 big-ip_local_traffic_manager 13.1.0
f5 big-ip_local_traffic_manager 15.1.3
f5 big-ip_access_policy_manager 12.1.1
f5 big-ip_application_security_manager 16.1.1
f5 big-ip_local_traffic_manager 11.6.5
f5 big-ip_access_policy_manager 15.1.2
f5 big-ip_local_traffic_manager 12.1.3
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_advanced_web_application_firewall 14.1.2
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_access_policy_manager 14.1.2
f5 big-ip_advanced_web_application_firewall 14.1.3
f5 big-ip_application_security_manager 14.1.2
f5 big-ip_local_traffic_manager 12.1.6
f5 big-ip_application_security_manager 16.1.0
f5 big-ip_local_traffic_manager 11.6.3
f5 big-ip_advanced_web_application_firewall 15.1.5
f5 big-ip_access_policy_manager 13.1.1
f5 big-ip_local_traffic_manager 13.1.1
f5 big-ip_access_policy_manager 13.1.4
f5 big-ip_application_security_manager 12.1.2
f5 big-ip_advanced_web_application_firewall 12.1.3
f5 big-ip_advanced_web_application_firewall 14.1.0
f5 big-ip_local_traffic_manager 12.1.2
f5 big-ip_application_security_manager 12.1.3
f5 big-ip_advanced_web_application_firewall 16.1.1
f5 big-ip_application_security_manager 12.1.5
f5 big-ip_advanced_web_application_firewall 12.1.5
f5 big-ip_access_policy_manager 12.1.6
f5 big-ip_application_security_manager 11.6.1
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_application_security_manager 15.1.1
f5 big-ip_advanced_web_application_firewall 15.1.2
f5 big-ip_advanced_web_application_firewall 13.1.3
f5 big-ip_access_policy_manager 13.1.0
f5 big-ip_application_security_manager 15.1.4
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_application_security_manager 14.1.4
f5 big-ip_advanced_web_application_firewall 11.6.2
f5 big-ip_advanced_web_application_firewall 13.1.1
f5 big-ip_advanced_web_application_firewall 11.6.3
f5 big-ip_application_security_manager 11.6.3
f5 big-ip_application_security_manager 12.1.1
f5 big-ip_application_security_manager 13.1.3
CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
f5 nginx_ingress_controller *
CVE-2022-31306 MEDIUM

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2022-31307 MEDIUM

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2022-31473

In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 16.1.0
CVE-2022-32414 MEDIUM

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2022-32455

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-33203

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_ssl_orchestrator *
CVE-2022-33947

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_domain_name_system *
CVE-2022-33962

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
f5sirt@f5.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 17.0.0
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2022-33968

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 17.0.0
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2022-34027

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 njs 0.7.4
CVE-2022-34028

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 njs 0.7.5
CVE-2022-34029

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
f5 njs 0.7.4
CVE-2022-34030

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 njs 0.7.5
CVE-2022-34031

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 njs 0.7.5
CVE-2022-34032

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 njs 0.7.5
CVE-2022-34651

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-34655

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-34844

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-iq_centralized_management 8.0.0
f5 big-iq_centralized_management 8.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-iq_centralized_management 7.1.0
f5 big-iq_centralized_management 8.2.0
f5 big-ip_analytics *
CVE-2022-34851

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 17.0.0
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2022-34862

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-34865

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
f5sirt@f5.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-35236

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-35240

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-35241

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 nginx_instance_manager *
CVE-2022-35243

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-35245

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2022-35272

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 17.0.0
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-iq_centralized_management 8.0.0
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-iq_centralized_management 7.0.0
f5 big-ip_analytics 17.0.0
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_analytics *
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_link_controller 17.0.0
f5 big-iq_centralized_management 8.1.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-iq_centralized_management 7.1.0
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2022-35735

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
f5sirt@f5.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-36795

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-38890

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h

Products Affected

Vendor Product Version
f5 njs 0.7.7
CVE-2022-41617

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
f5sirt@f5.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-41622

In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_analytics *
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_link_controller 17.0.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-iq_centralized_management 7.1.0
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2022-41624

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-41691

When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-41694

In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
f5sirt@f5.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
f5 nginx 1.23.1
debian debian_linux 11.0
f5 nginx 1.23.0
f5 nginx r2
f5 nginx_ingress_controller *
fedoraproject fedora 36
fedoraproject fedora 37
f5 nginx *
fedoraproject fedora 35
f5 nginx r1
debian debian_linux 10.0
CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

Products Affected

Vendor Product Version
f5 nginx 1.23.1
debian debian_linux 11.0
f5 nginx 1.23.0
f5 nginx r2
f5 nginx_ingress_controller *
fedoraproject fedora 36
fedoraproject fedora 37
f5 nginx *
fedoraproject fedora 35
f5 nginx r1
debian debian_linux 10.0
CVE-2022-41743

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
f5 nginx_ingress_controller *
f5 nginx_plus *
CVE-2022-41770

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-iq_centralized_management 7.1.0
f5 big-ip_analytics *
CVE-2022-41780

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
f5 f5os-a *
f5 f5os-c *
CVE-2022-41787

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_domain_name_system *
CVE-2022-41800

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller 17.0.0
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2022-41806

In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2022-41813

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
CVE-2022-41832

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-41833

In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager *
f5 big-ip_analytics *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
CVE-2022-41835

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
f5sirt@f5.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H 2.0 4.7

Products Affected

Vendor Product Version
f5 f5os-a *
f5 f5os-c *
CVE-2022-41836

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.0.0
CVE-2022-41983

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4
f5sirt@f5.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2022-43284

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

Products Affected

Vendor Product Version
f5 njs *
CVE-2022-43285

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

Products Affected

Vendor Product Version
f5 njs 0.7.4
CVE-2022-43286

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
f5 njs 0.7.2
CVE-2023-1550

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
f5 nginx_agent *
f5 nginx_instance_manager *
CVE-2023-22281

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2023-22283

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_edge -
CVE-2023-22302

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-22323

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-22326

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-22340

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-22341

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2023-22358

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_edge -
CVE-2023-22372

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2023-22374

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_policy_enforcement_manager 13.1.5
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_ssl_orchestrator 17.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_link_controller 17.0.0
f5 big-ip_link_controller 13.1.5
f5 big-ip_application_acceleration_manager 13.1.5
f5 big-ip_local_traffic_manager 13.1.5
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service 13.1.5
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_analytics 13.1.5
f5 big-ip_advanced_firewall_manager *
f5 big-ip_access_policy_manager 13.1.5
f5 big-ip_ddos_hybrid_defender 13.1.5
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_application_security_manager 13.1.0
f5 big-ip_ssl_orchestrator 13.1.5
f5 big-ip_advanced_firewall_manager 13.1.5
f5 big-ip_local_traffic_manager 17.0.0
CVE-2023-22418

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-22422

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-22657

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 f5os-a *
f5 f5os-c *
CVE-2023-22664

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_service_proxy 1.6.0
CVE-2023-22839

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_i11600_firmware -
f5 viprion_b4300_firmware -
f5 big-ip_i10800_firmware -
f5 big-ip_i11800_firmware -
f5 r5600_firmware -
f5 r10600_firmware -
f5 big-ip_10200v_firmware -
f5 big-ip_7000s_firmware -
f5 big-ip_i7800_firmware -
f5 big-ip_domain_name_system *
f5 viprion_b2250_firmware -
f5 big-ip_10200v-ssl_firmware -
f5 viprion_b4450_firmware -
f5 velos_bx110_firmware -
f5 big-ip_i15600_firmware -
f5 big-ip_i15800_firmware -
f5 big-ip_10000s_firmware -
f5 big-ip_12000_firmware -
f5 viprion_b2100_firmware -
f5 big-ip_7200v-ssl_firmware -
f5 r10800_firmware -
f5 big-ip_i7600_firmware -
f5 viprion_b2150_firmware -
f5 big-ip_i5600_firmware -
f5 r5900_firmware -
f5 big-ip_5200v-ssl_firmware -
f5 r5800_firmware -
f5 big-ip_5000s_firmware -
f5 r10900_firmware -
f5 big-ip_i10600_firmware -
f5 big-ip_7200v_firmware -
f5 big-ip_i5800_firmware -
f5 big-ip_5200v_firmware -
CVE-2023-22842

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-23552

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-23555

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_service_proxy *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
CVE-2023-24461

An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2023-24594

When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
f5 big-ip_fraud_protection_service 14.1.5
f5 big-ip_websafe 14.1.5
f5 big-ip_global_traffic_manager 16.1.2
f5 big-ip_domain_name_system 14.1.5
f5 big-ip_link_controller 15.1.4.1
f5 big-ip_webaccelerator 16.1.2
f5 big-ip_application_acceleration_manager 16.1.2
f5 big-ip_fraud_protection_service 16.1.2
f5 big-ip_edge_gateway 16.1.2
f5 big-ip_local_traffic_manager 15.1.4.1
f5 big-ip_application_security_manager 16.1.2
f5 big-ip_domain_name_system 16.1.2
f5 big-ip_global_traffic_manager 15.1.4.1
f5 big-ip_advanced_web_application_firewall 14.1.5
f5 big-ip_webaccelerator 15.1.4.1
f5 big-ip_analytics 15.1.4.1
f5 big-ip_application_security_manager 14.1.5
f5 big-ip_global_traffic_manager 14.1.5
f5 big-ip_edge_gateway 15.1.4.1
f5 big-ip_advanced_web_application_firewall 16.1.2
f5 big-ip_carrier-grade_nat 16.1.2
f5 big-ip_domain_name_system 15.1.4.1
f5 big-ip_advanced_firewall_manager 16.1.2
f5 big-ip_carrier-grade_nat 14.1.5
f5 big-ip_advanced_firewall_manager 15.1.4.1
f5 big-ip_websafe 16.1.2
f5 big-ip_advanced_firewall_manager 14.1.5
f5 big-ip_local_traffic_manager 14.1.5
f5 big-ip_analytics 16.1.2
f5 big-ip_fraud_protection_service 15.1.4.1
f5 big-ip_application_security_manager 15.1.4.1
f5 big-ip_ssl_orchestrator 15.1.4.1
f5 big-ip_policy_enforcement_manager 16.1.2
f5 big-ip_application_acceleration_manager 15.1.4.1
f5 big-ip_ddos_hybrid_defender 14.1.5
f5 big-ip_webaccelerator 14.1.5
f5 big-ip_local_traffic_manager 16.1.2
f5 big-ip_access_policy_manager 14.1.5
f5 big-ip_application_acceleration_manager 14.1.5
f5 big-ip_policy_enforcement_manager 14.1.5
f5 big-ip_carrier-grade_nat 15.1.4.1
f5 big-ip_ddos_hybrid_defender 15.1.4.1
f5 big-ip_access_policy_manager 15.1.4.1
f5 big-ip_edge_gateway 14.1.5
f5 big-ip_policy_enforcement_manager 15.1.4.1
f5 big-ip_link_controller 16.1.2
f5 big-ip_ssl_orchestrator 16.1.2
f5 big-ip_ddos_hybrid_defender 16.1.2
f5 big-ip_websafe 15.1.4.1
f5 big-ip_application_visibility_and_reporting 15.1.4.1
f5 big-ip_next_service_proxy_for_kubernetes 1.5.0
f5 big-ip_advanced_web_application_firewall 15.1.4.1
f5 big-ip_application_visibility_and_reporting 16.1.2
f5 big-ip_link_controller 14.1.5
f5 big-ip_access_policy_manager 16.1.2
f5 big-ip_analytics 14.1.5
f5 big-ip_ssl_orchestrator 14.1.5
f5 big-ip_application_visibility_and_reporting 14.1.5
CVE-2023-27378

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-27727

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.

Products Affected

Vendor Product Version
f5 njs 0.7.10
CVE-2023-27728

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

Products Affected

Vendor Product Version
f5 njs 0.7.10
CVE-2023-27729

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.

Products Affected

Vendor Product Version
f5 njs 0.7.10
CVE-2023-27730

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.

Products Affected

Vendor Product Version
f5 njs 0.7.10
CVE-2023-28406

A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-28656

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
netapp cloud_backup -
f5 nginx_api_connectivity_manager *
f5 nginx_security_monitoring *
f5 nginx_instance_manager *
netapp ontap_select_deploy -
CVE-2023-28724

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
f5 nginx_api_connectivity_manager *
f5 nginx_security_monitoring *
f5 nginx_instance_manager *
CVE-2023-28742

When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
f5 big-ip_domain_name_system *
CVE-2023-29163

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_application_visibility_and_reporting 17.0.0
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_carrier-grade_nat 17.0.0
f5 big-ip_webaccelerator 17.0.0
f5 big-ip_fraud_protection_service 17.0.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_analytics 17.0.0
f5 big-ip_ddos_hybrid_defender 17.0.0
f5 big-ip_policy_enforcement_manager 17.0.0
f5 big-ip_websafe *
f5 big-ip_ssl_orchestrator 17.0.0
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_application_acceleration_manager 17.0.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_websafe 17.0.0
f5 big-ip_link_controller 17.0.0
f5 big-ip_edge_gateway 17.0.0
f5 big-ip_advanced_firewall_manager 17.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_advanced_web_application_firewall 17.0.0
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_domain_name_system 17.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_application_security_manager 17.0.0
f5 big-ip_global_traffic_manager 17.0.0
f5 big-ip_local_traffic_manager 17.0.0
CVE-2023-29240

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
f5 big-iq_centralized_management *
CVE-2023-3470

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account.  The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password.  On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_10350v-f_firmware -
f5 big-ip_7200v-f_firmware -
f5 big-ip_11050-f_firmware -
f5 big-ip_application_security_manager *
f5 big-ip_link_controller 15.1.0
f5 big-ip_domain_name_system *
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager 15.1.0
f5 big-ip_webaccelerator 15.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_advanced_firewall_manager 15.1.0
f5 big-ip_ddos_hybrid_defender 15.1.0
f5 big-ip_carrier-grade_nat 15.1.0
f5 big-ip_access_policy_manager 15.1.0
f5 big-ip_domain_name_system 15.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_security_manager 15.1.0
f5 big-ip_10200v-f_firmware -
f5 big-ip_websafe 15.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_ssl_orchestrator 15.1.0
f5 big-ip_access_policy_manager *
f5 big-ip_8900-f_firmware -
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_i15820-df_firmware -
f5 big-ip_6900-f_firmware -
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_application_visibility_and_reporting 15.1.0
f5 big-ip_i5820-df_firmware -
f5 big-ip_i7820-df_firmware -
f5 big-ip_fraud_protection_service 15.1.0
f5 big-ip_global_traffic_manager 15.1.0
f5 big-ip_local_traffic_manager 15.1.0
f5 big-ip_advanced_web_application_firewall 15.1.0
f5 big-ip_11000-f_firmware -
f5 big-ip_advanced_firewall_manager *
f5 big-ip_policy_enforcement_manager 15.1.0
f5 big-ip_5250v-f_firmware -
f5 big-ip_edge_gateway 15.1.0
f5 big-ip_analytics 15.1.0
CVE-2023-36494

Audit logs on F5OS-A may contain undisclosed sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
f5 f5os-a 1.4.0
CVE-2023-36858

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 access_policy_manager_clients *
CVE-2023-38138

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-38418

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 access_policy_manager_clients *
CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-38423

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-39447

When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_guided_configuration 6.0
f5 big-ip_access_policy_manager 17.0.0
f5 big-ip_guided_configuration *
f5 big-ip_guided_configuration 8.0
CVE-2023-40534

When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_ddos_hybrid_defender 17.1.0
f5 big-ip_application_visibility_and_reporting 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_webaccelerator 17.1.0
f5 big-ip_websafe 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_carrier-grade_nat 17.1.0
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.1.0
f5 big-ip_edge_gateway 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_ssl_orchestrator 17.1.0
CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-40542

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-41085

When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-41253

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_domain_name_system *
CVE-2023-41373

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-41964

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-42768

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-43124

BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 1.6 3.6
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 2.8 4.2

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_access_policy_manager 13.1.5.1
CVE-2023-43125

BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 1.6 5.2
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_access_policy_manager 13.1.5.1
CVE-2023-43485

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-43611

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  This vulnerability is due to an incomplete fix for CVE-2023-38418.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.  A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
redhat openshift_service_mesh 2.0
f5 big-ip_analytics 17.1.0
redhat cert-manager_operator_for_red_hat_openshift -
fedoraproject fedora 37
f5 big-ip_application_security_manager *
envoyproxy envoy 1.24.10
redhat cryostat 2.0
f5 big-ip_webaccelerator *
redhat web_terminal -
traefik traefik *
f5 big-ip_next_service_proxy_for_kubernetes *
microsoft .net *
microsoft cbl-mariner *
f5 big-ip_advanced_web_application_firewall 17.1.0
debian debian_linux 10.0
redhat certification_for_red_hat_enterprise_linux 9.0
cisco unified_contact_center_management_portal -
microsoft azure_kubernetes_service *
f5 big-ip_application_security_manager 17.1.0
redhat build_of_quarkus -
redhat 3scale_api_management_platform 2.0
varnish_cache_project varnish_cache *
f5 big-ip_local_traffic_manager 17.1.0
apache apisix *
redhat migration_toolkit_for_containers -
redhat node_healthcheck_operator -
f5 big-ip_domain_name_system 17.1.0
redhat cost_management -
f5 big-ip_next 20.0.1
f5 big-ip_ssl_orchestrator 17.1.0
cisco iot_field_network_director *
f5 big-ip_policy_enforcement_manager 17.1.0
redhat openshift_secondary_scheduler_operator -
redhat machine_deletion_remediation_operator -
nghttp2 nghttp2 *
golang go *
cisco crosswork_data_gateway *
redhat integration_service_registry -
amazon opensearch_data_prepper *
f5 big-ip_webaccelerator 17.1.0
f5 big-ip_carrier-grade_nat 17.1.0
linkerd linkerd 2.14.1
redhat openshift_developer_tools_and_services -
redhat jboss_a-mq_streams -
redhat decision_manager 7.0
cisco unified_contact_center_domain_manager -
cisco ios_xe *
cisco business_process_automation *
f5 nginx_plus r29
redhat jboss_a-mq 7
envoyproxy envoy 1.26.4
f5 big-ip_advanced_firewall_manager *
netapp astra_control_center -
konghq kong_gateway *
cisco unified_contact_center_enterprise -
redhat build_of_optaplanner 8.0
linecorp armeria *
f5 big-ip_application_acceleration_manager 17.1.0
redhat fence_agents_remediation_operator -
dena h2o *
f5 big-ip_domain_name_system *
redhat self_node_remediation_operator -
cisco telepresence_video_communication_server *
microsoft visual_studio_2022 *
f5 big-ip_application_acceleration_manager *
grpc grpc 1.57.0
redhat service_interconnect 1.0
f5 big-ip_analytics *
golang http2 *
f5 nginx_plus r30
redhat openshift_gitops -
redhat openshift -
redhat certification_for_red_hat_enterprise_linux 8.0
netty netty *
redhat quay 3.0.0
redhat openshift_container_platform_assisted_installer -
redhat ceph_storage 5.0
microsoft windows_10_1607 *
ietf http 2.0
cisco enterprise_chat_and_email -
cisco expressway *
redhat support_for_spring_boot -
microsoft windows_10_21h2 *
redhat jboss_fuse 6.0.0
f5 big-ip_ddos_hybrid_defender 17.1.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 9.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager 17.1.0
jenkins jenkins *
microsoft windows_10_1809 *
golang networking *
redhat jboss_enterprise_application_platform 6.0.0
redhat advanced_cluster_security 4.0
redhat openstack_platform 17.1
apache traffic_server *
nodejs node.js *
f5 big-ip_access_policy_manager 17.1.0
apple swiftnio_http/2 *
cisco unified_attendant_console_advanced -
redhat satellite 6.0
f5 big-ip_fraud_protection_service 17.1.0
redhat jboss_enterprise_application_platform 7.0.0
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
cisco ios_xr *
grpc grpc *
facebook proxygen *
redhat process_automation 7.0
redhat jboss_core_services -
cisco crosswork_situation_manager -
cisco prime_cable_provisioning *
cisco secure_web_appliance_firmware *
kazu-yamamoto http2 *
linkerd linkerd 2.13.0
cisco secure_dynamic_attributes_connector *
cisco data_center_network_manager -
redhat openshift_data_science -
f5 nginx_plus *
cisco ultra_cloud_core_-_policy_control_function *
microsoft windows_server_2016 -
microsoft windows_server_2022 -
redhat integration_camel_k -
redhat advanced_cluster_security 3.0
redhat jboss_data_grid 7.0.0
redhat openshift_dev_spaces -
f5 nginx_ingress_controller *
apache tomcat *
microsoft asp.net_core *
debian debian_linux 11.0
redhat advanced_cluster_management_for_kubernetes 2.0
f5 big-ip_global_traffic_manager 17.1.0
redhat run_once_duration_override_operator -
redhat openshift_pipelines -
redhat logging_subsystem_for_red_hat_openshift -
eclipse jetty *
redhat node_maintenance_operator -
cisco prime_network_registrar *
redhat service_telemetry_framework 1.5
redhat single_sign-on 7.0
microsoft windows_11_22h2 *
netapp oncommand_insight -
akka http_server *
redhat openstack_platform 16.2
f5 big-ip_application_visibility_and_reporting 17.1.0
linkerd linkerd *
linkerd linkerd 2.14.0
redhat migration_toolkit_for_virtualization -
cisco unified_contact_center_enterprise_-_live_data_server *
cisco prime_infrastructure *
f5 big-ip_websafe 17.1.0
f5 big-ip_ssl_orchestrator *
redhat network_observability_operator -
apache tomcat 11.0.0
cisco fog_director *
istio istio *
microsoft windows_11_21h2 *
f5 nginx *
f5 big-ip_fraud_protection_service *
redhat enterprise_linux 6.0
f5 big-ip_ddos_hybrid_defender *
redhat openshift_distributed_tracing -
cisco ultra_cloud_core_-_serving_gateway_function *
f5 big-ip_global_traffic_manager *
redhat enterprise_linux 8.0
redhat ansible_automation_platform 2.0
openresty openresty *
redhat openshift_virtualization 4
f5 big-ip_access_policy_manager *
redhat openstack_platform 16.1
redhat integration_camel_for_spring_boot -
cisco nx-os *
apache solr *
envoyproxy envoy 1.25.9
cisco firepower_threat_defense *
microsoft windows_10_22h2 *
cisco crosswork_zero_touch_provisioning *
f5 big-ip_websafe *
debian debian_linux 12.0
f5 big-ip_application_visibility_and_reporting *
caddyserver caddy *
envoyproxy envoy 1.27.0
microsoft windows_server_2019 -
cisco ultra_cloud_core_-_policy_control_function 2024.01.0
redhat jboss_fuse 7.0.0
f5 big-ip_advanced_web_application_firewall *
redhat openshift_api_for_data_protection -
cisco secure_malware_analytics *
cisco prime_access_registrar *
linkerd linkerd 2.13.1
cisco connected_mobile_experiences *
redhat openshift_serverless -
f5 big-ip_link_controller 17.1.0
traefik traefik 3.0.0
cisco crosswork_data_gateway 5.0
redhat openshift_sandboxed_containers -
cisco ultra_cloud_core_-_session_management_function *
projectcontour contour *
redhat migration_toolkit_for_applications 6.0
CVE-2023-45219

Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-45226

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2
f5sirt@f5.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
f5 big-ip_next_service_proxy_for_kubernetes 1.5.0
CVE-2023-45886

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
ipinfusion zebos *
f5 big-ip_global_traffic_manager *
f5 big-ip_next 20.0.1
f5 big-ip_next_cloud-native_network_functions *
CVE-2023-46747

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
f5sirt@f5.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_fraud_protection_services *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-46748

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_fraud_protection_services *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2023-5450

An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 17.1.0
CVE-2024-10318

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
f5 nginx_openid_connect *
f5 nginx_api_connectivity_manager *
f5 nginx_ingress_controller *
f5 nginx_instance_manager *
CVE-2024-21763

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
CVE-2024-21771

For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager 17.1.0
CVE-2024-21782

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_analytics *
CVE-2024-21789

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-21793

An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_central_manager *
CVE-2024-21849

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-22093

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_analytics *
CVE-2024-22389

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_analytics *
CVE-2024-23306

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 1.8 2.5

Products Affected

Vendor Product Version
f5 big-ip_next_cloud-native_network_functions *
CVE-2024-23308

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns."  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-23314

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-iq_centralized_management *
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_analytics *
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
CVE-2024-23603

An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.1.0
CVE-2024-23607

A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
f5 f5os-a *
f5 f5os-c *
CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.1.0
CVE-2024-23976

When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_analytics *
CVE-2024-23979

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_analytics *
CVE-2024-23982

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
CVE-2024-24775

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-iq_centralized_management *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_analytics *
CVE-2024-24966

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
f5 f5os-a 1.2.0
f5 f5os-c *
CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 nginx_open_source 1.25.3
f5 nginx_plus r31
CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 nginx_plus r30
f5 nginx_open_source *
f5 nginx_plus r31
CVE-2024-25560

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_ddos_hybrid_defender 17.1.0
f5 big-ip_application_visibility_and_reporting 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_container_ingress_services 17.1.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_webaccelerator 17.1.0
f5 big-ip_websafe 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_carrier-grade_nat 17.1.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.1.0
f5 big-ip_edge_gateway 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_automation_toolchain 17.1.0
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_automation_toolchain *
f5 big-ip_ssl_orchestrator 17.1.0
f5 big-ip_next_cloud-native_network_functions *
CVE-2024-26026

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_central_manager *
CVE-2024-27202

A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-28132

Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_cloud-native_network_functions *
CVE-2024-28883

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
f5 big-ip_access_policy_manager 17.1.0
CVE-2024-28889

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 2.2 2.5

Products Affected

Vendor Product Version
fedoraproject fedora 39
f5 nginx_plus r30
f5 nginx_open_source *
fedoraproject fedora 40
f5 nginx_plus r31
CVE-2024-31156

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-32049

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
f5 big-ip_next_central_manager *
CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
fedoraproject fedora 39
f5 nginx_plus r30
f5 nginx_open_source *
fedoraproject fedora 40
f5 nginx_plus r31
CVE-2024-32761

Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-33604

A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-33608

When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_edge_gateway 17.1.0
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_ddos_hybrid_defender 17.1.0
f5 big-ip_application_visibility_and_reporting 17.1.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_container_ingress_services 17.1.0
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_webaccelerator 17.1.0
f5 big-ip_websafe 17.1.0
f5 big-ip_automation_toolchain 17.1.0
f5 big-ip_carrier-grade_nat 17.1.0
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_advanced_web_application_firewall 17.1.0
f5 big-ip_ssl_orchestrator 17.1.0
CVE-2024-33612

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
f5 big-ip_next_central_manager *
CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
fedoraproject fedora 39
f5 nginx_plus r30
f5 nginx_open_source *
fedoraproject fedora 40
f5 nginx_plus r31
CVE-2024-35200

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
fedoraproject fedora 39
f5 nginx_plus r30
f5 nginx_open_source *
fedoraproject fedora 40
f5 nginx_plus r31
CVE-2024-3661

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
9119a7d8-5eab-497f-8521-727c672e3725 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
citrix secure_access_client *
cisco anyconnect_vpn_client -
watchguard mobile_vpn_with_ssl *
f5 big-ip_access_policy_manager *
cisco secure_client -
fortinet forticlient 7.4.0
paloaltonetworks globalprotect *
fortinet forticlient *
zscaler client_connector *
watchguard ipsec_mobile_vpn_client *
zscaler client_connector -
CVE-2024-45844

BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2024-47139

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
f5 big-iq_centralized_management 8.2.0
CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

Products Affected

Vendor Product Version
f5 nginx_open_source 1.27.0
f5 nginx_plus r32
f5 nginx_plus *
f5 nginx_open_source *
f5 nginx_plus r31
CVE-2024-7634

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
f5 nginx_agent *
f5 nginx_instance_manager *
CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
f5 nginx_ingress_controller 5.3.0
CVE-2025-1695

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS).  There is no control plane exposure; this is a data plane issue only.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
f5 nginx_unit *
f5 nginx *
CVE-2025-20029

Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-20045

When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-20058

When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-21087

When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-21091

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-22846

When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_next_service_proxy_for_kubernetes 1.8.2
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_global_traffic_manager *
f5 big-ip_next_service_proxy_for_kubernetes 1.9.0
f5 big-ip_next_service_proxy_for_kubernetes 1.8.0
f5 big-ip_next_service_proxy_for_kubernetes 1.8.1
f5 big-ip_analytics *
CVE-2025-22891

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
CVE-2025-23239

When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager 17.1.1
f5 big-ip_application_acceleration_manager 17.1.1
f5 big-ip_application_security_manager 17.1.1
f5 big-ip_link_controller 17.1.1
f5 big-ip_policy_enforcement_manager 17.1.1
f5 big-ip_domain_name_system 17.1.1
f5 big-ip_local_traffic_manager 17.1.1
f5 big-ip_analytics 17.1.1
f5 big-ip_fraud_protection_service 17.1.1
f5 big-ip_access_policy_manager 17.1.1
f5 big-ip_global_traffic_manager 17.1.1
CVE-2025-23412

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2025-23413

When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_central_manager *
CVE-2025-23415

An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
debian debian_linux 11.0
f5 nginx_plus r32
f5 nginx_plus *
f5 nginx *
f5 nginx_plus r33
CVE-2025-24312

When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-24319

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_central_manager *
CVE-2025-24320

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 .  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-24326

When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2025-24497

When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
CVE-2025-31644

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-35995

When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_policy_enforcement_manager *
CVE-2025-36504

When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_next_central_manager 20.2.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_next_central_manager 20.2.1
f5 big-ip_container_ingress_services *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-36525

When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2025-36546

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
f5 f5os-a *
f5 f5os-c *
CVE-2025-36557

When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_global_traffic_manager *
f5 big-ip_analytics *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-41399

When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.1.0
f5 big-ip_policy_enforcement_manager 17.1.0
f5 big-ip_analytics 17.1.0
f5 big-ip_ddos_hybrid_defender 17.1.0
f5 big-ip_application_visibility_and_reporting 17.1.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_container_ingress_services 17.1.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_advanced_firewall_manager 17.1.0
f5 big-ip_webaccelerator 17.1.0
f5 big-ip_websafe 17.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_carrier-grade_nat 17.1.0
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.1.0
f5 big-ip_edge_gateway 17.1.0
f5 big-ip_application_security_manager 17.1.0
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_next_central_manager 20.2.0
f5 big-ip_link_controller 17.1.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_local_traffic_manager 17.1.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_access_policy_manager 17.1.0
f5 big-ip_automation_toolchain 17.1.0
f5 big-ip_domain_name_system 17.1.0
f5 big-ip_global_traffic_manager *
f5 big-ip_fraud_protection_service 17.1.0
f5 big-ip_automation_toolchain *
f5 big-ip_ssl_orchestrator 17.1.0
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-41414

When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-41430

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_ssl_orchestrator 17.5.0
f5 big-ip_ssl_orchestrator *
CVE-2025-41431

When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_fraud_protection_service 17.1.2
f5 big-ip_access_policy_manager 17.1.2
f5 big-ip_domain_name_system 17.1.2
f5 big-ip_analytics 17.1.2
f5 big-ip_application_security_manager 17.1.2
f5 big-ip_policy_enforcement_manager 17.1.2
f5 big-ip_advanced_firewall_manager 17.1.2
f5 big-ip_application_acceleration_manager 17.1.2
f5 big-ip_link_controller 17.1.2
f5 big-ip_local_traffic_manager 17.1.2
f5 big-ip_global_traffic_manager 17.1.2
CVE-2025-41433

When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-43878

When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

Products Affected

Vendor Product Version
f5 f5os-a *
f5 f5os-c *
CVE-2025-46265

On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
f5 f5os-a 1.5.1
f5 f5os-c *
CVE-2025-46405

When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2025-46706

When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_ssl_orchestrator 17.5.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_access_policy_manager 17.5.0
CVE-2025-47150

When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 f5os-a *
f5 f5os-c *
CVE-2025-48008

When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-48500

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client 7.2.5
CVE-2025-52585

When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-53474

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-53521

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-53856

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  To determine which BIG-IP platforms have an ePVA chip refer to K12837: Overview of the ePVA feature https://my.f5.com/manage/s/article/K12837 .  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
f5 nginx_plus r32
f5 nginx_plus r30
f5 nginx_open_source *
f5 nginx_plus r33
f5 nginx_plus r31
f5 nginx_plus r34
CVE-2025-53860

A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6
nvd@nist.gov 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

Products Affected

Vendor Product Version
f5 f5os-a 1.8.0
f5 f5os-a *
CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-54479

When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_cloud-native_network_functions 2.0.1
f5 big-ip_policy_enforcement_manager *
f5 big-ip_next_cloud-native_network_functions 2.1.0
f5 big-ip_policy_enforcement_manager 17.5.0
f5 big-ip_next_for_kubernetes 2.0.0
f5 big-ip_next_cloud-native_network_functions 2.0.0
f5 big-ip_next_for_kubernetes 2.1.0
f5 big-ip_next_cloud-native_network_functions *
f5 big-ip_next_cloud-native_network_functions 2.0.2
CVE-2025-54500

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_next_central_manager 20.3.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_next_for_kubernetes 2.0.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 silverline *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-54755

A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-54805

When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_next_for_kubernetes 2.0.0
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-54809

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
f5 f5_access *
CVE-2025-54854

When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2025-54858

When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-55036

When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_ssl_orchestrator *
CVE-2025-55669

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
CVE-2025-55670

On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_next_for_kubernetes 2.0.0
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-57780

A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
f5 f5os-a 1.8.0
f5 f5os-a *
f5 f5os-c *
CVE-2025-58071

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_domain_name_system 17.5.0
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.5.0
f5 big-ip_advanced_firewall_manager 17.5.0
f5 big-ip_automation_toolchain 17.5.0
f5 big-ip_global_traffic_manager 17.5.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_advanced_web_application_firewall 17.5.0
f5 big-ip_access_policy_manager 17.5.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 17.5.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_application_visibility_and_reporting 17.5.0
f5 big-ip_analytics *
f5 big-ip_policy_enforcement_manager 17.5.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_analytics 17.5.0
f5 big-ip_websafe 17.5.0
f5 big-ip_fraud_protection_service 17.5.0
f5 big-ip_carrier-grade_nat 17.5.0
f5 big-ip_link_controller 17.5.0
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_container_ingress_services 17.5.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_ssl_orchestrator 17.5.0
f5 big-ip_next_for_kubernetes *
f5 big-ip_edge_gateway 17.5.0
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_ddos_hybrid_defender 17.5.0
f5 big-ip_local_traffic_manager 17.5.0
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-58096

When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-58120

When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_service_proxy_for_kubernetes 1.7.14
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_next_for_kubernetes 2.0.0
f5 big-ip_next_service_proxy_for_kubernetes 2.0.0
f5 big-ip_next_cloud-native_network_functions 2.0.0
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-58153

Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_domain_name_system 17.5.0
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.5.0
f5 big-ip_advanced_firewall_manager 17.5.0
f5 big-ip_automation_toolchain 17.5.0
f5 big-ip_global_traffic_manager 17.5.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_advanced_web_application_firewall 17.5.0
f5 big-ip_access_policy_manager 17.5.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 17.5.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_application_visibility_and_reporting 17.5.0
f5 big-ip_analytics *
f5 big-ip_policy_enforcement_manager 17.5.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_analytics 17.5.0
f5 big-ip_websafe 17.5.0
f5 big-ip_fraud_protection_service 17.5.0
f5 big-ip_carrier-grade_nat 17.5.0
f5 big-ip_link_controller 17.5.0
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_container_ingress_services 17.5.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_ssl_orchestrator 17.5.0
f5 big-ip_edge_gateway 17.5.0
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_ddos_hybrid_defender 17.5.0
f5 big-ip_local_traffic_manager 17.5.0
CVE-2025-58424

On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
f5sirt@f5.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-58474

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-59268

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-59269

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-59478

When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager 17.5.0
CVE-2025-59481

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges.  A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-59483

A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-59778

When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 f5os-c *
CVE-2025-59781

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-60013

When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
f5sirt@f5.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7

Products Affected

Vendor Product Version
f5 f5os-a 1.8.0
f5 f5os-a *
CVE-2025-60015

An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
f5 f5os-a 1.8.0
f5 f5os-a *
f5 f5os-c *
CVE-2025-60016

When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-61933

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2025-61935

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.5.0
CVE-2025-61938

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_advanced_web_application_firewall 17.5.0
CVE-2025-61951

Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backend server is enabled with DTLS 1.2 and client authentication.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_domain_name_system 17.5.0
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_acceleration_manager 17.5.0
f5 big-ip_advanced_firewall_manager 17.5.0
f5 big-ip_automation_toolchain 17.5.0
f5 big-ip_global_traffic_manager 17.5.0
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_advanced_web_application_firewall 17.5.0
f5 big-ip_access_policy_manager 17.5.0
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_webaccelerator 17.5.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_application_visibility_and_reporting 17.5.0
f5 big-ip_analytics *
f5 big-ip_policy_enforcement_manager 17.5.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_analytics 17.5.0
f5 big-ip_websafe 17.5.0
f5 big-ip_fraud_protection_service 17.5.0
f5 big-ip_carrier-grade_nat 17.5.0
f5 big-ip_link_controller 17.5.0
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_container_ingress_services 17.5.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_ssl_orchestrator 17.5.0
f5 big-ip_edge_gateway 17.5.0
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_ddos_hybrid_defender 17.5.0
f5 big-ip_local_traffic_manager 17.5.0
CVE-2025-61955

A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
f5 f5os-a 1.8.0
f5 f5os-a *
f5 f5os-c *
CVE-2025-61958

A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell.  For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
f5sirt@f5.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2025-61960

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
CVE-2025-61974

When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_next_for_kubernetes 2.0.0
f5 big-ip_next_for_kubernetes 2.1.0
f5 big-ip_next_cloud-native_network_functions *
CVE-2025-61990

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_websafe *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_edge_gateway *
f5 big-ip_application_acceleration_manager *
f5 big-ip_next_service_proxy_for_kubernetes *
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_fraud_protection_service *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_container_ingress_services *
f5 big-ip_next_for_kubernetes *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_next_cloud-native_network_functions *
CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
f5 nginx_plus r36
f5 nginx_plus r32
f5 nginx_plus r35
f5 nginx_ingress_controller *
f5 nginx_plus *
f5 nginx_open_source *
f5 nginx_plus r33
f5 nginx_gateway_fabric *
f5 nginx_plus r34
f5 nginx_instance_manager *
CVE-2026-20730

A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager_client *
f5 big-ip_access_policy_manager 17.5.1
f5 big-ip_access_policy_manager 17.5.0
CVE-2026-20732

A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
f5 big-ip_carrier-grade_nat *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_fraud_protection_service *
f5 big-ip_websafe *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_link_controller *
f5 big-ip_webaccelerator *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_edge_gateway *
f5 big-ip_container_ingress_services *
f5 big-ip_application_acceleration_manager *
f5 big-ip_ssl_orchestrator *
f5 big-ip_global_traffic_manager *
f5 big-ip_automation_toolchain *
f5 big-ip_analytics *
f5 big-ip_advanced_web_application_firewall *
CVE-2026-22548

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_application_security_manager *
f5 big-ip_advanced_web_application_firewall *
CVE-2026-22549

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
f5 big-ip_container_ingress_services *
CVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
f5 nginx_plus r36
f5 nginx_plus r32
f5 nginx_plus r35
f5 nginx_plus *
f5 nginx_open_source *
CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

Products Affected

Vendor Product Version
f5 nginx_plus r36
f5 nginx_plus r32
f5 nginx_plus r35
f5 nginx_open_source *
f5 nginx_plus r33
f5 nginx_plus r34
CVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
f5 nginx_open_source *
CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

Products Affected

Vendor Product Version
f5 nginx_plus r36
f5 nginx_plus r32
f5 nginx_plus r35
f5 nginx_open_source *
f5 nginx_plus r33
f5 nginx_plus r34
CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
f5sirt@f5.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
f5 nginx_plus r36
f5 nginx_plus r32
f5 nginx_plus r35
f5 nginx_open_source *
f5 nginx_plus r33
f5 nginx_plus r34