404 matches found
Code injection
On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Client SSL profile must have session tickets enabled and use DHE cipher suites to be affected. This only impacts the data plane, there is no impact to...
PT-2019-18211 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 14.1.0 through 14.1.0.5
Description: The issue occurs when undisclosed SSL traffic is sent to a virtual server configured with a Client SSL profile that has session tickets enabled and uses DHE cipher suites. This can cause...
F5 Networks BIG-IP : BIG-IP AFM and PEM TMUI XSS vulnerability (K61002104)
Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS. CVE-2019-6639 Impact A...
CVE-2019-6603
In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs...
Code injection
In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs...
F5 Networks BIG-IP : TMM vulnerability (K14632915)
Malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. CVE-2019-6603 Impact This vulnerability allows remote disruption of...
F5 Networks BIG-IP : TMM with HTTP/2 vulnerability (K45320419)
Maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue. CVE-2018-5514 Impact The BIG-IP system may temporarily fail to process traffic as it...
F5 Networks BIG-IP : BIG-IP SOCKS proxy vulnerability (K55225440)
Responses to SOCKS proxy requests made through the BIG-IP system may cause a disruption of service provided by the Traffic Management Microkernel (TMM). The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a virtual server. The control plane is not impacted by this...
F5 Networks BIG-IP : TMM vulnerability (K55102452)
Undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles using AES-GCM cipher suites may cause disruption of data plane services. CVE-2017-6140 This vulnerability affects the following BIG-IP platforms: 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,...
F5 Networks BIG-IP : TMM vulnerability (K52167636)
Features in the BIG-IP system that utilize inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a 'Zip Bomb' attack. CVE-2017-6153 Impact BIG-IP systems deployed in Forward Proxy mode with the inflate functionality enabled a...
F5 Networks BIG-IP : TMM vulnerability (K72442354)
Undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. The configuration which exposes this condition is the BIG-IP self IP address which is part of a VLAN group and has the Port Lockdown setting configured with anything other than 'allow-all'. CVE-2018-15320...
F5 Networks BIG-IP : TMM vulnerability (K46940010)
A malformed Transport Layer Security (TLS) handshake causes the Traffic Management Microkernel (TMM) to stop responding, leading to a disruption of service. This issue is only exposed on the data plane when a Proxy SSL configuration is enabled. The control plane is not impacted by this issue...
dpdk: Information exposure in unchecked guest physical to host virtual address translations
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory...
CVE-2018-12691
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection...
CVE-2018-5513
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impact...
Information disclosure
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impact...