China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...

PT-2023-18453 · F5 · Big-Ip Edge Client

Name of the Vulnerable Software and Affected Versions: BIG-IP Edge Client versions 7.2.2 through 7.2.3.1 Description: A DLL hijacking issue exists in the BIG-IP Edge Client Windows Installer. This affects versions of the software starting from 7.2.2 up to but not including 7.2.3.1. Note that...

F5 BIG-IQ Access Control Error Vulnerability (CNVD-2022-26842)

F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and web services across public and private clouds, traditional data centers, and hybrid environments.An access control error vulnerability exists in the F5 BIG-IQ...

SOL41613034 - NTP vulnerability CVE-2016-2519

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL17242 - Linux kernel SCTP vulnerability CVE-2015-1421

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. The BIG-IP/BIG-IQ/Enterprise Manager software contains vulnerable code SCTP kernel module, but the code is not enabled by...

SOL16967 - XSS vulnerability in jQuery CVE-2011-4969

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

SOL16983 - PCRE library vulnerability CVE-2015-2325

Although the BIG-IP/BIG-IQ/Enterprise Manager software contains the vulnerable code, BIG-IP/BIG-IQ/Enterprise Manager does not use the vulnerable code in a way that exposes the vulnerability. An attacker must have local access to BIG-IP/BIG-IQ/Enterprise Manager to trigger an exploit, which the...

SOL16846 - IPMI vulnerability CVE-2013-4786

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

SOL13233 - TMM vulnerability CVE-2013-6016

Vulnerability Recommended Actions To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS...

SOL3082 - Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112

F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS 4.5.11 and 4.6.1. Obtaining and installing patches The TA04-078A patch has been issued for BIG-IP and 3-DNS 4.5.9 and 4.6. You may download the TA04-078A patch by navigating to the BIG-IP BIG-IP v4.x 4.5 section of the...