CVE-2023-22326

Vulnerability CVE-2023-22326 affects BIG-IP iControl REST and tmsh dig command. An authenticated attacker with resource administrator or administrator privileges can view sensitive information due to incorrect permission assignments in versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1...

CVE-2023-22326 iControl REST and tmsh vulnerability

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell tmsh dig command which...

CVE-2022-26835

CVE-2022-26835 refers to directory traversal vulnerabilities in F5 BIG-IP where an authenticated user with at least resource administrator privileges can read arbitrary files via undisclosed iControl REST endpoints and tmsh commands in Guided Configuration. Affected versions include BIG-IP 16.1.x...

CVE-2022-26835

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh comman...

CVE-2022-26835

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh comman...

CVE-2020-5907

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell tmsh may be able to conduct arbitrary file read/writes via the built-in sftp functionality...

F5 Networks BIG-IP : TMOS Shell vulnerability (K21711352)

Authenticated users granted TMOS Shell tmsh privileges can access objects on the file system, which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system, which would not normally be allowed. CVE-2019-19151...

CVE-2019-19151

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell tmsh privileges are able access object...

Information disclosure

On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell tmsh privileges are able access object...

F5 Networks BIG-IP : BIG-IP Appliance mode vulnerability (K11330536)

When the BIG-IP system is licensed for Appliance mode, a user with either the Administrator or the Resource Administrator rolecan bypass Appliance mode restrictions.CVE-2019-6635 Impact BIG-IP This vulnerability allows local attackers with high-level privileges to overwrite arbitrary files. This...

F5 Networks BIG-IP : BIG-IP Appliance mode vulnerability (K73522927)

When the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. CVE-2019-6633 Impact This vulnerability allows the attacker to exploit the system with high-level privileges to read and modify the...

Authentication flaw

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell...

F5 Networks BIG-IP : Appliance mode tmsh access vulnerability (K02043709)

On a BIG-IP system configured in Appliance mode, the TMOS Shell tmsh may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. CVE-2018-5520 Note : Appliance mode is designed to meet the needs of customers in especially sensitive sectors by...

F5 Networks BIG-IP : TMOS Shell vulnerability (K37442533)

Authenticated users granted TMOS Shell tmsh access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. CVE-2018-5516 Impact This...

F5 Networks BIG-IP : BIG-IP tmsh vulnerability (K01067037)

When BIG-IP is licensed for Appliance mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance mode restrictions to overwrite critical system files. CVE-2018-15321 Attackers with ahigh-privilege level can overwrite critical system files, which in turnbypasses security controls...

Design/Logic Flaw

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell tmsh may allow an administrative user to use the dig utility to gain unauthorized access to file system resources...

CVE-2018-5520

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell tmsh may allow an administrative user to use the dig utility to gain unauthorized access to file system resources...

Multiple F5 Products TMOS Shell Information Disclosure Vulnerability

F5 BIG-IP LTM and others are products of F5 Corporation, USA.F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager.TMOS Shell tmsh is one of the command line tools. A security vulnerability exists in the TMOS Shell in several F5 products. An attacker could...

Multiple F5 Products TMOS Shell Privilege Gain Vulnerability

F5 BIG-IP LTM and others are products of F5 Corporation, USA.F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager.TMOS Shell tmsh is one of the command line tools. A security vulnerability exists in the TMOS Shell in several F5 products. An attacker could...