224 matches found
F5 BIG-IP Edge Gateway Security Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security bypass vulnerability exists in the F5 BIG-IP Edge Client for Windows and macOS, which can be exploited by an attack...
F5 BIG-IP Edge Gateway Trust Management Issue Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security bypass vulnerability exists in F5 BIG-IP Edge Client for Windows and macOS, which stems from incorrect certificate...
PT-2023-19621 · F5 · BIG-IP Edge Client
Name of the Vulnerable Software and Affected Versions: BIG-IP Edge Client for Windows and macOS (affected versions not specified). Description: An improper certificate validation issue exists and may allow an attacker to impersonate a BIG-IP APM system. Recommendations: At the moment, there is no...
F5 BIG-IP Edge Client Windows Component Installer 7.2.x < 7.2.3.1 DLL Hijacking (K07143733)
The version of the BIG-IP Edge Client Windows Component Installer installed on the remote Windows host is 7.2.2.x or 7.2.3.x before 7.2.3.1. It is, therefore, affected by a DLL hijacking vulnerability that exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are...
F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K76964818)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.8.2 / 16.1.3.4 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K76964818 advisory. A DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. CVE-2023-2235...
K51220077: BIG-IP APM Edge Client vulnerability CVE-2018-15316
Security Advisory Description The BIG-IP APM Edge Client component loads the policy library with user permission, bypassing the endpoint checks. CVE-2018-15316 Impact A malicious user can exploit this vulnerability on the APM Edge Client by injecting a library file which will be loaded by the...
K57110035: BIG-IP APM Edge Client for Windows logging vulnerability CVE-2022-27636
Security Advisory Description BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. CVE-2022-27636 Impact An attacker with privileges on the Windows system can view the logged sensitive APM session-related information. Security Advisory...
K20346072: BIG-IP Edge Client for Windows vulnerability CVE-2020-5897
Security Advisory Description A use-after-free memory vulnerability exists in the BIG-IP Edge Client Windows ActiveX component. CVE-2020-5897 Impact This vulnerability allows an attacker to trigger memory corruption to the browser or execute code from the browser when the attacker crafts a...
K15478554: BIG-IP Edge Client for Windows vulnerability CVE-2020-5896
Security Advisory Description The BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions, and allows execution of signed .exe and MSI files. CVE-2020-5896 Impact This vulnerability can be exploited to allow an unprivileged user to gain privilege...
K55102004: BIG-IP Edge Client for Windows vulnerability CVE-2020-5855
Security Advisory Description When the Windows Logon Integration feature is configured for BIG-IP Edge Client, unauthorized users who have physical access to an authorized user's machine can get shell access as an unprivileged user. CVE-2020-5855 Impact Attackers may be able to bypass...
K15838353: BIG-IP Edge Client for Windows vulnerability CVE-2020-5892
Security Advisory Description The BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. CVE-2020-5892 Impact An attacker with sufficient local privileges on a client machine running Windows may be able to...
K33552735: BIG-IP Edge Client for Windows vulnerability CVE-2022-29263
Security Advisory Description The BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. CVE-2022-29263 Impact This vulnerability can be exploited to allow a low privileged attacker to gain privilege escalation on the client Windows system. Securit...
K14969: BIG-IP Edge and FirePass client information leakage vulnerability CVE-2013-6024
Security Advisory Description The Edge Client components in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass allow attackers to obtain sensitive information from process memory via unspecified vectors. CVE-2013-6024 Impact An attacker with sufficient local privileges on a client machine running...
K08503505: BIG-IP Edge Client for Windows vulnerability CVE-2021-23022
Security Advisory Description The BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. CVE-2021-23022 Impact This vulnerability can be exploited to allow an unprivileged user to run a specially crafted application to gain privilege escalation on th...
K06635145: BIG-IP Edge Client session ID vulnerability
Security Advisory Description BIG-IP Edge Client exposes the current session ID as part of the request URI when sending Keep-Alive requests over an SSL channel. This approach can lead to exploit vulnerabilities in man-in-the-middle (MITM) SSL terminating proxies, which log the complete URI in thei...
K97733133: BIG-IP APM Edge Client vulnerability CVE-2020-5893
Security Advisory Description When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. CVE-2020-5893 Impact An attacker can use a man-in-the-middle (MITM) atta...
K67501282: Overview of F5 vulnerabilities (June 2021)
Security Advisory Description On June 1, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated Security Advisory article...
K69154630: BIG-IP Edge Client for Windows vulnerability CVE-2020-5898
Security Advisory Description The BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from userland. A local user on the Windows client system can send crafted DeviceIoControl requests to a \\.\urvpndrv device, causing the Windows kernel to crash. CVE-2020-5898...
K30525503: BIG-IP APM Edge Client proxy vulnerability CVE-2022-23032
Security Advisory Description When proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. CVE-2022-23032 Impact DNS rebinding allows external attackers to bypass the same-origin...
K33757590: BIG-IP Edge Client for Windows vulnerability CVE-2021-23023
Security Advisory Description A DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. CVE-2021-23023 Impact This vulnerability may be exploited to allow an unprivileged user to use a malicious DLL to gain privilege escalation on the client Windows...