106 matches found
CVE-2023-28742
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-24594
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-24461
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-22372
In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Code injection
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-28656 NGINX Management Suite vulnerability
NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000133251: Overview of F5 vulnerabilities (May 2023)
Security Advisory Description On May 3, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...
CVE-2023-22340
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technic...
CVE-2023-22842 BIG-IP SIP profile vulnerability
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software...
CVE-2023-22657 F5OS vulnerability
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-22340 BIG-IP SIP profile vulnerability
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technic...
CVE-2022-35241
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2022-34862
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which...
CVE-2022-35272
CVE-2022-35272 affects BIG-IP HTTP MRF. When source-port preserve-strict is enabled on an MRF virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to crash (core file) and terminate connections, leading to a denial of service. Affected versions: BIG-IP 17.0.x bef...
CVE-2022-33962
CVE-2022-33962 affects BIG-IP iRules: the node command may bypass access controls on a self IP, enabling privilege escalation for an authenticated attacker with iRules Manager role. Affected branches include BIG-IP all modules: 17.x (vulnerable), 16.x, 15.x, 14.x, and 13.x. Remediation: apply fix...
CVE-2022-30535
CVE-2022-30535: summary Ingress Controller for NGINX (NGINX Ingress Controller) versions 2.x before 2.3.0 and all 1.x are affected. The issue allows an attacker who can create or update ingress objects to access secrets stored by the NGINX Ingress Controller, constituting a control-plane data dis...
F5 Networks BIG-IP : TMM vulnerability (K16852653)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5 / 15.1.6.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K16852653 advisory. - In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and a...
CVE-2022-27875
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2022-26370
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol SIP message routing framework MRF application layer gateway ALG profile is configured on a Message Routing virtual server, undisclosed request...
CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End o...