Lucene search
K

88 matches found

Prion
Prion
added 2016/04/13 4:59 p.m.19 views

Default configuration

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5....

4CVSS7AI score0.00791EPSS
Exploits0References2Affected Software18
CVE
CVE
added 2016/04/13 4:0 p.m.72 views

CVE-2016-2084

CVE-2016-2084 affects F5 BIG-IP and BIG-IQ cloud deployments (AWS, Azure, Verizon) where certificates and keys are not regenerated during deployment, allowing potential disclosure of sensitive data or disruption. The root cause is improper regeneration of certificates/keys when deploying cloud im...

7.4CVSS7.3AI score0.00791EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/04/12 2:0 p.m.63 views

CVE-2015-8021

The CVE-2015-8021 entry maps to an actual vulnerability in the BIG-IP Configuration utility where file uploads via uploadImage.php are not properly validated. Affected BIG-IP products (LTM, Analytics, APM, ASM, GTM, Link Controller, PSM, and related modules) running vulnerable 11.x releases are e...

4.3CVSS4.4AI score0.01352EPSS
Exploits0References3Affected Software13
NVD
NVD
added 2016/04/11 2:59 p.m.25 views

CVE-2015-8240

The Traffic Management Microkernel TMM in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers...

7.5CVSS7.4AI score0.01765EPSS
Exploits0References2
Prion
Prion
added 2016/01/12 8:59 p.m.24 views

Default credentials

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management AOM subsystem, which might allow remote attackers to obtain login access to AOM via an 1 expir...

10CVSS7.2AI score0.0319EPSS
Exploits0References2Affected Software9
Prion
Prion
added 2016/01/12 8:59 p.m.26 views

Code injection

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...

6.9CVSS7.1AI score0.0034EPSS
Exploits0References3Affected Software19
Cvelist
Cvelist
added 2016/01/12 8:0 p.m.33 views

CVE-2015-8611

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management AOM subsystem, which might allow remote attackers to obtain login access to AOM via an 1 expir...

9.5AI score0.0319EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/01/12 8:0 p.m.30 views

CVE-2015-7759

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service Traffic Management Microkernel TMM restart via crafted ICMP...

4.2AI score0.01516EPSS
Exploits0References2
CVE
CVE
added 2016/01/12 8:0 p.m.70 views

CVE-2015-7759

CVE-2015-7759 affects BIG-IP 12.0.0 before HF1 across multiple modules (LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, PEM). The root cause is handling of TC P profiles with Congestion Metrics Cache enabled, which allows remote attackers to trigger a TMM restart via crafted ICMP packets rel...

4.3CVSS4.4AI score0.01516EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2016/01/12 8:0 p.m.64 views

CVE-2015-8611

The CVE-2015-8611 issue affects BIG-IP components (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM) on the 2000/4000/5000/7000/10000 platforms running 12.0.0 before HF1. The root cause is failure to sync passwords from the BIG-IP AOM (Always-On-Management) subsystem, which could all...

10CVSS9.3AI score0.0319EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/01/08 12:0 a.m.37 views

F5 Networks BIG-IP : Privilege escalation vulnerability (K75136237)

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...

7.4CVSS7.4AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2015/11/06 6:0 p.m.75 views

CVE-2015-7394

CVE-2015-7394 affects the datastor kernel module across multiple F5 BIG-IP products (Analytics, APM, ASM, Link Controller, LTM, AAM, AFM, PEM, Edge Gateway, WebAccelerator, WOM, GTM, PSM, BIG-IQ suites, Enterprise Manager) with versions listed as vulnerable. The root cause is the ability for remo...

9CVSS6.7AI score0.03892EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/09/18 2:0 p.m.47 views

CVE-2015-4638

The CVE-2015-4638 issue affects F5 BIG-IP products using FastL4 virtual servers (across BIG-IP LTM/AAM/AFM/Analytics/APM/ASM/GTM/Link Controller/PEM, Edge Gateway, WebAccelerator, WOM, PSM). Root cause: processing of fragmented packets in the FastL4/TMM path can cause the Traffic Management Micro...

5CVSS6.6AI score0.01744EPSS
Exploits0References2Affected Software10
CVE
CVE
added 2015/08/24 2:0 p.m.74 views

CVE-2015-5058

CVE-2015-5058 is an ICMP packet processing memory-leak vulnerability in F5 BIG-IP components (LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, PEM) and BIG-IQ (Cloud, Device, Security 4.4.0–4.5.0; ADC 4.5.0). The root cause is a memory leak triggered by a large number of crafted ICMP pac...

7.8CVSS6.6AI score0.01908EPSS
Exploits0References2Affected Software12
Prion
Prion
added 2015/05/12 7:59 p.m.19 views

Code injection

The automatic signature update functionality in the 1 Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the 2 Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0...

4.3CVSS7AI score0.00823EPSS
Exploits0References2Affected Software9
CVE
CVE
added 2015/05/12 7:0 p.m.55 views

CVE-2014-9326

CVE-2014-9326 affects F5 BIG-IP products where the automatic update check (Phone Home) and ASM Call Home auto-signature update do not properly validate SSL server certificates, enabling MITM via crafted certificates. Affected: BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, Link Controller (versions 1...

4.3CVSS6.6AI score0.00823EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/11/28 12:0 a.m.46 views

F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)

The GNU C Library aka glibc or libc6 before 2.12.2 and Embedded GLIBC EGLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service memory consumption via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to...

10CVSS5.7AI score0.14323EPSS
Exploits4References5
CVE
CVE
added 2014/11/01 11:0 p.m.63 views

CVE-2014-6032

CVE-2014-6032 describes multiple XXE flaws in the Configuration utility of F5 BIG-IP products (LTM, ASM, GTM, Link Controller, AAM, ARM, Analytics, APM/Edge Gateway, PEM, PSM, WOM, Enterprise Manager) affecting versions ranging from 10.0.0 through 10.2.4 and 11.0.0 through 11.6.0 (and related hot...

5.5CVSS6.7AI score0.02896EPSS
Exploits2References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.41 views

F5 Networks BIG-IP : iControl vulnerability (K15220)

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 through 11.3.0, Enterprise Manager...

7.1CVSS5.9AI score0.3905EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.55 views

F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)

The gnutlsciphertext2compressed function in lib/gnutlscipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service buffer over-read and crash via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. C Tenable Network Security, Inc. The...

5CVSS6.3AI score0.35584EPSS
Exploits1References3
Rows per page
Query Builder