207 matches found
K55543151: BIG-IP TMUI vulnerability CVE-2021-23025
Security Advisory. Description: An authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. (CVE-2021-23025) Impact: This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or...
K42526507: BIG-IP TMUI vulnerability CVE-2021-23041
Security Advisory. Description: A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. (CVE-2021-23041) Impact: An attacker may exploit this...
K47105354: Lodash library vulnerability CVE-2019-10744
Security Advisory. Description: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. (CVE-2019-10744) Impact: An attacker can use Function inside of...
K18132488: Appliance mode TMUI authenticated remote command execution vulnerability CVE-2021-22987
Security Advisory. Description: When running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. (CVE-2021-22987) Note: For systems not running in Appliance mod...
K70031188: TMUI authenticated remote command execution vulnerability CVE-2021-22988
Security Advisory. Description: The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. (CVE-2021-22988) Note: For systems running in Appliance mode, refer to K18132488 Appliance Mode...
K57214921: BIG-IP TMUI XSS vulnerability CVE-2020-5915
Security Advisory. Description: An undisclosed Traffic Management User Interface (TMUI), or Configuration utility, page contains a vulnerability which allows a stored cross-site scripting (XSS) attack when BIG-IP systems are set up in a device trust. Impact: On a BIG-IP system in a high availability HA...
K56142644: Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989
Security Advisory. Description: When running in Appliance mode with Advanced WAF or ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. (CVE-2021-22989) Note: For...
K45056101: Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990
Security Advisory. Description: On systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. (CVE-2021-22990) Note: For systems...
K42696541: F5 TMUI XSS vulnerability CVE-2020-5948
Security Advisory. Description: Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. (CVE-2020-5948) Impact: An attacker may exploit this vulnerability using a crafted URL t...
K21540525: F5 TMUI XSS vulnerability CVE-2020-5945
Security Advisory. Description: An undisclosed TMUI page contains a stored cross-site scripting (XSS) vulnerability. The issue allows a minor privilege escalation from resource admin to full admin. (CVE-2020-5945) Impact: A malicious, authenticated user with Resource Administrator privileges may...
K41877405: BIG-IP TMUI vulnerability CVE-2022-27659
Security Advisory. Description: An authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). (CVE-2022-27659) Impact: This vulnerability may allow an authenticated attacker with network access to the TMUI, also referred to as th...
K08510472: BIG-IP TMUI vulnerability CVE-2022-28695
Security Advisory. Description: An authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. (CVE-2022-28695) Impact: This vulnerability may allow an authenticated high-privilege attack...
K00432398: BIG-IP TMUI XSS vulnerability CVE-2019-6626
Security Advisory. Description: A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. (CVE-2019-6626) Impact: If a targeted administrative user accesses the Configuration...
K30500703: TMUI vulnerability CVE-2018-5511
Security Advisory. Description: When authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. (CVE-2018-5511) Impact: This vulnerability allows a privilege...
K31301245: TMUI CSRF vulnerability CVE-2020-5904
Security Advisory. Description: A cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. (CVE-2020-5904) Impact: An attacker may be able to use the session of an administrator user to...
K21435974: TMUI XSS vulnerability CVE-2021-23037
Security Advisory. Description: A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. (CVE-2021-23037) Impact: An attacker may exploit this...
K55879220: Overview of F5 vulnerabilities (May 2022)
Security Advisory. Description: On May 4, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
K68151373: IP Intelligence Feed List TMUI vulnerability CVE-2019-6636
Security Advisory. Description: On BIG-IP AFM, ASM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, there is a stored cross-site scripting vulnerability in the AFM feed list. In the worst case, an attacker can store a CSRF which results in code execution as the admin user. Th...
CVE-2022-41813 BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate...
F5 Networks BIG-IP : BIG-IP PEM and AFM TMUI, TMSH, and iControl REST vulnerability (K93723284)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.3.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K93723284 advisory. When the BIG-IP system is provisioned with the PEM or AFM module, an undisclosed input can cause...