5 matches found
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000161022)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161022 advisory. Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network...
CVE-2026-28758
CVE-2026-28758 affects BIG-IP DNS: the gtm_add and bigip_add iControl REST commands return the ssh-password in cleartext in responses and audit logs, enabling a highly privileged, authenticated attacker with audit-log access to view sensitive data. Affected versions include BIG-IP DNS on 21.x (vu...
CVE-2022-41617
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
Nuclei Template Exploit F5 BIG-IP iControl REST Auth Bypass RC...
F5 BIG-IP iControl REST Cross-Site Request Forgery Vulnerability
The F5 BIG-IP is an F5 load balancing device. The F5 BIG-IP iControl REST suffers from a cross-site request forgery vulnerability that can be exploited by remote attackers to construct malicious URIs, bait requests, and can be used in the context of the target user to perform malicious operations...