674 matches found
PT-2025-5734
Name of the Vulnerable Software and Affected Versions: iControl versions prior to the fixed version. Description: A remote command injection vulnerability exists in an undisclosed iControl REST endpoint when running in Appliance mode. This issue allows an authenticated attacker to cross a security...
F5 Networks BIG-IP : BIG-IP iControl REST vulnerability (K000138757)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.2. It is, therefore, affected by a vulnerability as referenced in the K000138757 advisory. When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection...
F5 Networks BIG-IP : BIG-IP iControl REST and tmsh vulnerability (K000148587)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.6 / 16.1.5.2 / 17.1.2.1. It is, therefore, affected by a vulnerability as referenced in the K000148587 advisory. A command injection vulnerability exists in iControl REST and the BIG-IP TMOS Shell tmsh, which may...
F5 Networks BIG-IP : BIG-IP iControl REST vulnerability (K10438187)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K10438187 advisory. Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. CVE-2024-41723...
CVE-2024-41723
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-41723 BIG-IP iControl REST vulnerability
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-41723
CVE-2024-41723 affects BIG-IP iControl REST. A remote authenticated attacker with network access can view only usernames in the BIG-IP system via the iControl REST interface; there is no data plane exposure (control plane issue). Affected product versions are listed in F5 advisory: BIG-IP Next/ B...
K10438187: BIG-IP iControl REST vulnerability CVE-2024-41723
Security Advisory Description Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. CVE-2024-41723 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST interface, through the BIG-IP management...
PT-2024-29539 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP affected versions not specified. Description: Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note that software versions which have reached End of Technical Support (EoTS) are not...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 A remote code execution vulnerability exi...
CVE-2024-22093
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-22389
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Design/Logic Flaw
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-22093
The CVE-2024-22093 issue affects BIG-IP in Appliance mode where an authenticated attacker can exploit an undisclosed iControl REST endpoint to perform remote command injection and cross the security boundary. Affected versions include BIG-IP Next/BIG-IP (all modules) on 17.x with fixes in 17.1.1,...
CVE-2024-22093 Appliance mode iControl REST vulnerability
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-22389 BIG-IP iControl REST API Vulnerability
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-22389
CVE-2024-22389 affects BIG-IP in HA deployments where updating an iControl REST API token fails to sync to the peer, a control-plane issue impacting confidentiality, integrity, and availability (CVSS v3.1 base 7.2). Affected releases and fixes: BIG-IP (all modules) vulnerable in 17.1.0; fix intro...