Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Vulnerabilities fixed in F5 BIG-IP and BIG-IQ

🗓️ 16 Feb 2024 00:00:00Reported by NCSCType 
ncsc
 ncsc🔗 advisories.ncsc.nl👁 8 Views

F5 fixed BIG-IP and BIG-IQ vulnerabilities enabling DoS or command-injection to manipulate system; updates released.

Related
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of HTTP/3 QUIC modules in NGINX Plus and NGINX OSS web servers allows attackers to cause service interruptions.
15 Feb 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the ngx_http_v3_module in NGINX and NGINX Plus servers allows a hacker to cause a service failure.
15 Feb 202400:00
bdu_fstec
BDU FSTEC		The vulnerabilities of the BIG-IP Access Policy Manager, as well as of other software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, and BIG-IP Webaccelerator, are related to unlimited resource allocation. This allows attackers to cause service interruptions.
4 Mar 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe—is related to unlimited resource distribution. This allows attackers to execute arbitrary commands.
4 Mar 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the LDAP protocol implementation in F5OS-A operating systems, hardware devices of the F5 rSeries, and F5OS-C application delivery controllers of F5 VELOS allows a hacker to circumvent security restrictions.
12 Apr 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Domain Name System, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IQ Centralized Management, lies in the lack of measures taken to perform data cleaning at the management level. This allows attackers to circumvent existing security restrictions.
15 Apr 202500:00
bdu_fstec
FreeBSD		nginx-devel -- Multiple Vulnerabilities in HTTP/3
14 Feb 202400:00
freebsd
Chainguard		CVE-2024-24989 vulnerabilities
14 Feb 202417:15
cgr
Chainguard		CVE-2024-24990 vulnerabilities
14 Feb 202417:15
cgr
Circl		CVE-2024-21771
24 Mar 202519:23
circl
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Feb 2024 00:00Current
8.5High risk
Vulners AI Score8.5
CVSS 3.18.7
EPSS0.00831
SSVC
vulnerabilitiesdenial of servicecommand injectionupdates releasedbig ip
8