106 matches found
Cross site scripting
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM...
Directory traversal
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell tmsh comman...
Authentication flaw
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance...
CVE-2022-28708
CVE-2022-28708 affects F5 BIG-IP in 16.1.x (before 16.1.2.2) and 15.1.x (before 15.1.5.1) when a DNS resolver-enabled, HTTP-Explicit or SOCKS profile is on a virtual server. An undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate, resulting in functiona...
CVE-2022-27878
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration GC all versions prior to 9.0, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
CVE-2022-26517
CVE-2022-26517 affects F5 BIG-IP CGNAT Large Scale NAT (LSN) when the LSN pool is on a virtual server with packet filtering enabled. Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate, resulting in DoS. Affected branches and fixed versions per F5 advisory K540825...
CVE-2022-26415
CVE-2022-26415 affects F5 BIG-IP in Appliance mode via an authenticated iControl REST endpoint, enabling bypass of appliance-mode restrictions. Affected versions include BIG-IP 16.1.x prior to 16.1.2.2, 15.1.x prior to 15.1.5.1, 14.1.x prior to 14.1.4.6, 13.1.x prior to 13.1.5, and all 12.1.x. Re...
CVE-2022-26372
CVE-2022-26372 affects F5 BIG-IP DNS profile: when a DNS listener on a virtual server uses DNS queueing (default), undisclosed requests can cause memory resource utilization to spike, leading to degraded performance or DoS. Affected branches and fixes per VULNERABILITY docs: BIG-IP 15.1.x before ...
CVE-2022-1389
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP fixed in 17.0.0, a cross-site request forgery CSRF vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping,...
CVE-2022-1388
CVE-2022-1388 affects F5 BIG-IP iControl REST authentication. Affected: BIG-IP 16.1.x before 16.1.2.2; 15.1.x before 15.1.5.1; 14.1.x before 14.1.4.6; 13.1.x before 13.1.5; and all 12.1.x and 11.6.x. Root cause per CNVD/CISA: authentication bypass via iControl REST, enabling unauthenticated acces...
CVE-2022-27189
CVE-2022-27189 affects BIG-IP ICAP profile on any BIG-IP module where an ICAP profile is configured on a virtual server, with undisclosed traffic potentially causing increased TMM memory resource utilization and DoS. Root cause: CWE-681 (type conversion). Affected branches and known-vulnerable ve...
F5 Networks BIG-IP : TMUI XSS vulnerability (K25451853)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K25451853 advisory. - On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
F5 Networks BIG-IP : BIG-IP TMUI vulnerability (K08510472)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K08510472 advisory. - On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to...
F5 Networks BIG-IP : BIG-IP RTSP profile vulnerability (K37155600)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K37155600 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1...
CVE-2022-23031
On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity XXE vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall Advanced WAF and BIG-IP ASM Traffic Management User Interface...
Cross site scripting
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...
Design/Logic Flaw
On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...
Design/Logic Flaw
On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition VE uses the ixlv driver which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor and TCP Segmentation...
CVE-2022-23032
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2022-23016
CVE-2022-23016 affects BIG-IP: TLS 1.3 in SSL Forward Proxy on a virtual server can trigger TMM termination due to undisclosed requests. Affected: BIG-IP 16.0.0–16.1.1 and 15.1.0–15.1.4. Fixes: upgrade to 16.1.2 or 15.1.4.1 (per F5 advisory K91013510). In other lines of evidence, similar advisori...