674 matches found
F5 Networks BIG-IP : zxfrd vulnerability (K25595031)
zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. CVE-2020-27725 Impact The memory leak by the zxfrd process eventually causes the system to experience an out-of-memory condition. As a...
CVE-2020-5948
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...
CVE-2020-5950
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role...
Cross site scripting
On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role...
CVE-2020-5950
CVE-2020-5950 affects F5 BIG-IP 14.1.0–14.1.2.6, with undisclosed iControl REST endpoints enabling reflected XSS that could lead to complete BIG-IP compromise if the victim is admin. Public sources (NVD/Red Hat/CVE listings) reiterate the affected range and vulnerability description. The F5 advis...
CVE-2020-5948
CVE-2020-5948 is an iControl REST reflected XSS in BIG-IP. Connected advisories (F5 K42696541) specify affected branches and fixed versions: BIG-IP 16.x vulnerable in 16.0.0; fixed in 16.0.1.1. 15.x vulnerable in 15.0.0–15.1.0; fixed in 15.1.1. 14.x vulnerable in 14.1.0–14.1.2; fixed in 14.1.2.8....
CVE-2020-5948 — F5 TMUI XSS vulnerability
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...
F5 BIG-IP Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing and other features from F5 USA. BIG-IP suffers from a cross-site scripting vulnerability that originates in the iControl REST endpoint that allows reflection o...
CVE-2020-5922
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...
Cross site scripting
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser...
CVE-2020-5922
CVE-2020-5922 affects F5 BIG-IP iControl REST, which is vulnerable when Basic Authentication is used in a browser because CSRF protections are missing. The impact is described as an attacker being able to run malicious actions in the context of an authenticated user, with higher risk for admins who can access bash and pot...
F5 Networks BIG-IP : iControl REST CSRF vulnerability (K20606443)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.2 / 13.1.3.4 / 14.1.2.7 / 15.1.0.5 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K20606443 advisory. - In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3,...
F5 Networks BIG-IP : iControl REST vulnerability (K53990093)
REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. CVE-2019-6646 Impact Users with guest privileges are able to exploit this vulnerability to escalate their access privileges. © Tenable Network Security, Inc. The descriptive text and...
F5 BIG-IP Input Validation Error Vulnerability (CNVD-2019-30624)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An input validation error vulnerability exists in F5 BIG-IP versions 12.1.0 through 12.1.4.1, which can be exploited by an...
CVE-2019-6638
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, malformed HTTP requests made to an undisclosed iControl REST endpoint can lead to an infinite loop of the restjavad process...
CVE-2019-6641
On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl REST processes to crash. The attack can only come from an authenticated user; all roles are capable of performing the attack. Unauthenticated users cannot perform this attack...