Big-ip Advanced Firewall Manager@12.1.5.1 Security Vulnerabilities and Issues — Big-ip Advanced Firewall Manager@12.1.5.1 CVE List

Lucene search

F5Big-ip Advanced Firewall Manager12.1.5.1

7 matches found

CVE•added 2020/04/30 9:15 p.m.•73 views

CVE-2020-5884

On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.

9.1CVSS9.1AI score0.00616EPSS

CVE•added 2020/04/30 9:15 p.m.•73 views

CVE-2020-5885

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...

9.1CVSS9.1AI score0.00244EPSS

CVE•added 2020/04/30 10:15 p.m.•73 views

CVE-2020-5890

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.

5.5CVSS5.6AI score0.00133EPSS

CVE•added 2020/04/30 9:15 p.m.•67 views

CVE-2020-5876

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address o...

8.1CVSS7.9AI score0.00304EPSS

CVE•added 2020/04/30 9:15 p.m.•62 views

CVE-2020-5886

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...

9.1CVSS9.3AI score0.00244EPSS

CVE•added 2020/07/01 3:15 p.m.•62 views

CVE-2020-5904

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.

8.8CVSS8.6AI score0.00279EPSS

CVE•added 2020/04/30 9:15 p.m.•39 views

CVE-2020-5877

On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.

7.5CVSS7.5AI score0.00647EPSS