Big-ip Carrier-grade Nat Security Vulnerabilities and Issues — Big-ip Carrier-grade Nat CVE List

Lucene search

F5Big-ip Carrier-grade Nat

7 matches found

CVE•added 2023/10/26 9:15 p.m.•313 views

CVE-2023-46748

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software version...

8.8CVSS9.2AI score0.03554EPSS

CVE•added 2022/05/05 5:15 p.m.•106 views

CVE-2022-28716

On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Config...

8.8CVSS7.8AI score0.01225EPSS

CVE•added 2024/08/14 3:15 p.m.•79 views

CVE-2024-41727

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.6AI score0.00341EPSS

CVE•added 2024/08/14 3:15 p.m.•74 views

CVE-2024-39778

When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.7CVSS7.5AI score0.0037EPSS

CVE•added 2023/10/10 1:15 p.m.•71 views

CVE-2023-43746

When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have...

8.7CVSS8.4AI score0.00056EPSS

CVE•added 2023/10/10 1:15 p.m.•65 views

CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.1CVSS8AI score0.00361EPSS

CVE•added 2024/08/14 3:15 p.m.•62 views

CVE-2024-41164

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

8.2CVSS5.7AI score0.00299EPSS