
51 matches found

CISA KEV Catalog
added 2026/03/27 12:0 a.m., 9 views

F5 BIG-IP Stack-Based Buffer Overflow Vulnerability

F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution...

9.8 CVSS, 6.6 AI score, 0.02246 EPSS
In wild, Exploits 0
Cvelist
added 2026/02/04 3:15 p.m., 24 views

CVE-2026-22549 BIG-IP Container Ingress Services vulnerability

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

6.9 CVSS, 0.00308 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/12/04 12:0 a.m., 4 views

F5 Networks BIG-IP : SQLite vulnerability (K000158050)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6 / 17.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K000158050 advisory. SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode...

9.8 CVSS, 7.4 AI score, 0.45426 EPSS
Exploits 0, References 2
CNVD
added 2025/10/17 12:0 a.m., 6 views

F5 BIG-IP SSL/TLS Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when the...

8.7 CVSS, 6.7 AI score, 0.00405 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/10/15 12:0 a.m., 3 views

F5 Networks BIG-IP : BIG-IP SCP and SFTP vulnerability (K000151902)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000151902 advisory. When running in Appliance mode, a highly privileged authenticated attacker with access to Secu...

8.7 CVSS, 6 AI score, 0.00408 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/22 12:0 a.m., 3 views

F5 Networks BIG-IP : Python urllib vulnerability (K000153040)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000153040 advisory. An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is...

6.1 CVSS, 6.8 AI score, 0.05372 EPSS
Exploits 1, References 2
CNNVD
added 2025/08/13 12:0 a.m., 2 views

F5 BIG-IP APM Security Vulnerability

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM that stems from an HTTP/2 implementation flaw that could lead to a denial-of-service attack...

6.9 CVSS, 6.6 AI score, 0.00458 EPSS
Exploits 0, References 3
Packet Storm
added 2024/08/31 12:0 a.m., 151 views

F5 BigIP Access Policy Manager Session Exhaustion Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BigIP Access Policy Manager Session Exhaustion Denial of Service', 'Description' = %q This module exploits a resource exhaustion denial of...

7.4 AI score
Exploits 0
Positive Technologies
added 2024/05/08 12:0 a.m., 5 views

PT-2024-19061 · F5 · Big-Ip Next Central Manager

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Next Central Manager (affected versions not specified). Description: An OData injection vulnerability exists in the BIG-IP Next Central Manager API. The issue affects the API endpoint, but specific details about the endpoint, such as...

9.8 CVSS, 7.3 AI score, 0.07086 EPSS
Exploits 0, References 25
VulnCheck KEV
added 2023/11/18 12:0 a.m., 4 views

VulnCheck KEV: CVE-2016-5700

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the...

9.8 CVSS, 7.3 AI score, 0.06422 EPSS
Exploits 0, References 1
VulnCheck KEV
added 2023/10/30 12:0 a.m., 0 views

VulnCheck KEV: CVE-2023-46748

F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747...

9.8 CVSS, 7.5 AI score, 0.96515 EPSS
Exploits 18, References 1
The Hacker News
added 2023/02/03 7:26 a.m., 2 views

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1...

8.8 CVSS, 8.1 AI score, 0.72646 EPSS
Exploits 0
CNNVD
added 2022/10/19 12:0 a.m., 2 views

F5 BIG-IP Resource Management Error Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that originates from an authenticated iControl REST user who can cause an increas...

6.5 CVSS, 6.4 AI score, 0.00595 EPSS
Exploits 0, References 3
OSV
added 2022/05/05 5:15 p.m., 2 views

CVE-2022-27806

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance...

7.2 CVSS, 7.1 AI score
Exploits 0, References 1
OSV
added 2022/05/05 5:15 p.m., 3 views

CVE-2022-27182

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilizatio...

5.3 CVSS, 5.8 AI score
Exploits 0, References 1
Positive Technologies
added 2022/05/05 12:0 a.m., 2 views

PT-2022-19172 · F5 · Big-Ip Afm

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP AFM versions prior to 16.1.2.2; F5 BIG-IP AFM versions prior to 15.1.5.1; F5 BIG-IP AFM versions prior to 14.1.4.6; F5 BIG-IP AFM versions prior to 13.1.5. Description: An authenticated attacker with high privileges can upload a...

7.2 CVSS, 6.8 AI score, 0.00825 EPSS
Exploits 0, References 2
ATTACKERKB
added 2022/05/04 2:0 p.m., 2 views

CVE-2022-28701

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

7.5 CVSS, 7.1 AI score, 0.0085 EPSS
Exploits 0, References 2, Affected Software 1
CNNVD
added 2022/05/04 12:0 a.m., 3 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in the F5 BIG-IP that stems from a lack of integrity checking in the F5 BIG-IP bootstrap configuration when...

8.7 CVSS, 6.5 AI score, 0.00374 EPSS
Exploits 0, References 4
CNNVD
added 2022/05/04 12:0 a.m., 3 views

F5 BIG-IP Multiple Products Cross-Site Scripting Vulnerability

F5 BIG-IP and F5 BIG-IP Guided Configuration (GC) are both products of F5, Inc. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP Guided Configuration is a configuration template. Cross-site...

6.8 CVSS, 6.2 AI score, 0.00799 EPSS
Exploits 0, References 5
OSV
added 2021/03/31 6:15 p.m., 2 views

CVE-2021-22991

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer...

9.8 CVSS, 8 AI score, 0.61064 EPSS
Exploits 3, References 2