18 matches found
F5 Networks BIG-IP : BIG-IP and BIG-IQ privilege escalation vulnerability (K000160971)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160971 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...
EUVD-2026-29997
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
EUVD-2026-29961
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-40698
CVE-2026-40698 affects BIG-IP and BIG-IQ where a highly privileged, authenticated user (Resource Administrator) can create SNMP configuration objects via iControl REST or tmsh, enabling privilege escalation. The connected advisory documents concrete details on affected products/versions and the u...
K000160932: Quarterly Security Notification (May 2026)
Security Advisory Description On May 13, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch t...
F5 BIG-IQ 路径遍历漏洞
F5 BIG-IQ is a software-based cloud management solution developed by F5 Corporation in the United States. This solution supports the delivery of applications and network services across public and private clouds, traditional data centers, and hybrid environments. F5 BIG-IQ has a path traversal...
F5 BIG-IP和F5 BIG-IQ 安全漏洞
F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...
PT-2026-40669
Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description A highly privileged,...
PT-2026-40653
Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description A privilege escalation issu...
EUVD-2020-27027
Malware in sbrugna...
EUVD-2019-16212
Malware in sbrugna...
CVE-2021-23006
On all 7.x and 6.x versions fixed in 8.0.0, undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development EoSD are not evaluated...
CVE-2021-22986
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note...
CVE-2019-6652
In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security TLS...
CVE-2019-6653
There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles...
CVE-2023-29240 BIG-IQ iControl REST Vulnerability
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
F5 BIG-IQ 代码问题漏洞
F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. F5 BIG-IQ suffers from a security vulnerability that originate...