Lucene search
K
F5Ssl Orchestrator

27 matches found

CVE
CVE
added 2020/07/01 12:0 a.m.1996 views

CVE-2020-5902

CVE-2020-5902 is an unauthenticated RCE in F5 BIG-IP TMUI (Traffic Management User Interface). The root cause is a path traversal/authentication bypass flaw in TMUI that allows remote attackers to trigger arbitrary code execution on vulnerable BIG-IP devices. Affected versions include multiple 11...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/03/31 2:4 p.m.1288 views

CVE-2021-22986

CVE-2021-22986 affects F5 BIG-IP iControl REST, allowing unauthenticated remote command execution. Affected software ranges include BIG-IP 16.0.0–16.0.1 (before 16.0.1.1), 15.1.x (before 15.1.2.1), 14.1.x (before 14.1.4), 13.1.x (before 13.1.3.6), 12.1.x (before 12.1.5.3), and BIG-IQ 7.1.0.x (bef...

10CVSS9.7AI score0.99898EPSS
In wildWeb
CVE
CVE
added 2021/03/31 5:23 p.m.1072 views

CVE-2021-22991

CVE-2021-22991 affects BIG-IP Traffic Management Microkernel (TMM) URI normalization, where undisclosed requests to a virtual server may trigger a buffer overflow in TMM. This can cause a DoS and, in some scenarios, bypass URL-based access controls or enable remote code execution. The issue impac...

9.8CVSS9.7AI score0.61064EPSS
In wildWeb
CVE
CVE
added 2021/03/31 4:44 p.m.116 views

CVE-2021-22990

CVE-2021-22990 affects BIG-IP TMUI (Configuration utility) when Advanced WAF/ASM is provisioned. It is an authenticated remote command execution vulnerability in undisclosed TMUI pages that can be exploited by highly privileged, network-accessible users via the management port or self IPs. Fixed ...

9CVSS8AI score0.08838EPSS
CVE
CVE
added 2020/09/25 1:22 p.m.111 views

CVE-2020-5929

Summary (CVE-2020-5929): BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server using a Client SSL profile, and ADH/DHE key exchange (with Single DH use not enabled) are vulnerable to crafted TLS handshakes that may recover plaintext by exploiting PMS starting with ...

5.9CVSS5.6AI score0.01206EPSS
CVE
CVE
added 2021/03/31 4:43 p.m.103 views

CVE-2021-22987

CVE-2021-22987 is a confirmed BIG-IP TMUI (Configuration utility) vulnerability in Appliance mode. An authenticated remote attacker with network access to the BIG-IP management surface can execute arbitrary commands due to a flaw in undisclosed TMUI pages. Affected versions include 16.0.x before ...

9.9CVSS9.2AI score0.13672EPSS
CVE
CVE
added 2021/03/31 4:48 p.m.101 views

CVE-2021-22989

CVE-2021-22989 affects BIG-IP appliances in Appliance mode with Advanced WAF/ASM, where TMUI (Configuration utility) can be abused via authenticated remote command execution in undisclosed pages. Affected versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1....

9.1CVSS9.1AI score0.08838EPSS
CVE
CVE
added 2021/03/31 4:47 p.m.101 views

CVE-2021-22992

The CVE-2021-22992 vulnerability affects BIG-IP Advanced WAF/ASM: a crafted HTTP response sent to a virtual server with a Login Page can trigger a buffer overflow, enabling denial-of-service and, in certain cases, remote code execution leading to full system compromise. Affected versions include ...

9.8CVSS9.7AI score0.72711EPSS
CVE
CVE
added 2021/03/31 2:3 p.m.96 views

CVE-2021-22988

CVE-2021-22988 affects BIG-IP TMUI (Configuration utility). In particular, authenticated remote command execution is possible via undisclosed TMUI pages on affected releases. Affected lines include BIG-IP 16.x before 16.0.1.1, 15.x before 15.1.2.1, 14.x before 14.1.4, 13.x before 13.1.3.6, 12.x b...

9CVSS9.1AI score0.10444EPSS
CVE
CVE
added 2021/03/31 5:25 p.m.95 views

CVE-2021-22994

CVE-2021-22994 is an XSS flaw in BIG-IP iControl REST that enables a reflected XSS leading to complete system compromise when the victim is an admin. Affected: BIG-IP versions and branches as per F5 advisories (K66851119 and related entries): 16.x vulnerable 16.0.0–16.0.1; fix in 16.1.0.1/16.1.0+...

6.1CVSS7.2AI score0.00581EPSS
CVE
CVE
added 2020/11/19 12:14 a.m.88 views

CVE-2020-5947

This CVE affects BIG-IP platforms (2000, 4000, i2000, i4000, and VE). The vulnerable component is TCP sequence handling in BIG-IP virtual server code, with root cause described as a design/logic flaw that allows attackers to obtain and reuse TCP sequence numbers. Affected versions include 16.0.0–...

4.3CVSS4.4AI score0.00688EPSS
CVE
CVE
added 2020/12/24 3:16 p.m.81 views

CVE-2020-27719

CVE-2020-27719 affects F5 BIG-IP products (LTM, AAM, Advanced WAF, etc.) with a cross-site scripting (XSS) vulnerability in an undisclosed page of the BIG-IP Configuration utility. Affected versions include 16.0.0–16.0.0.1, 15.1.0–15.1.0.5, and 14.1.0–14.1.3. The root cause is an XSS flaw on an i...

6.1CVSS5.9AI score0.00634EPSS
CVE
CVE
added 2021/03/31 5:37 p.m.78 views

CVE-2021-22998

CVE-2021-22998 affects BIG-IP SNAT listeners: SYN flood protection thresholds are not enforced, potentially allowing affected SNAT traffic to exceed protection. Fixed in later BIG-IP releases; upgrade to 16.1.0 or 16.0.1.1 and later per vendor advisories. Exploitation details are not provided in ...

5.3CVSS5.7AI score0.00946EPSS
CVE
CVE
added 2021/03/31 5:40 p.m.78 views

CVE-2021-23004

CVE-2021-23004 affects BIG-IP MPTCP handling. Affects BIG-IP versions including 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3. The issue allows creation of Multipath TCP (MPTCP) forwarding flows on ...

7.5CVSS7.6AI score0.00961EPSS
CVE
CVE
added 2021/03/31 5:29 p.m.75 views

CVE-2021-22999

CVE-2021-22999 affects BIG-IP HTTP/2 profiles: when an HTTP/2 client closes a slow connection, the system may indefinitely retain streams, causing a memory leak and potential DoS. Affected versions include 15.0.x before 15.1.0 and 14.1.x before 14.1.4; remediation involves upgrading to non‑vulner...

7.5CVSS7.6AI score0.00961EPSS
CVE
CVE
added 2021/03/31 5:26 p.m.75 views

CVE-2021-23000

CVE-2021-23000 affects F5 BIG-IP TMM on affected BIG-IP versions (13.1.3.4–13.1.3.6 and 12.1.5.2). A sequence of malicious requests can trigger a restart of TMM when the tmm.http.rfc.enforcement BigDB key is enabled or the AFM HTTP security profile’s Bad host header check is used. Impact per the ...

7.5CVSS7.6AI score0.00933EPSS
CVE
CVE
added 2020/08/26 2:3 p.m.73 views

CVE-2020-5913

CVE-2020-5913 affects F5 BIG-IP: the BIG-IP Client or Server SSL profile ignores revoked certificates even when a valid CRL is present, enabling potential MITM in SSL/TLS connections. Affected versions include 11.6.1–11.6.5.2, 12.1.0–12.1.5.1, 13.1.0–13.1.3.4, 14.1.0–14.1.2.3, and 15.0.0–15.1.0.1...

7.4CVSS7.3AI score0.005EPSS
CVE
CVE
added 2021/03/31 5:28 p.m.71 views

CVE-2021-23003

CVE-2021-23003 affects BIG-IP Traffic Management Microkernel (TMM) across multiple releases. The TMM may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Vulnerable versions include BIG-IP 16.0.0–16.0.1, 15.1.x up to 15.1.1, 14.1.x up to 14.1.3.1, 13.1....

7.5CVSS7.6AI score0.00961EPSS
CVE
CVE
added 2019/07/03 5:57 p.m.68 views

CVE-2019-6630

The CVE-2019-6630 entry applies to F5 SSL Orchestrator, specifically versions 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, where undisclosed traffic flow can cause the Traffic Management Microkernel (TMM) to restart under certain circumstances. This may disrupt service for deployments using transparent p...

7.5CVSS7.5AI score0.01376EPSS
CVE
CVE
added 2020/08/26 2:44 p.m.66 views

CVE-2020-5922

CVE-2020-5922 affects F5 BIG-IP iControl REST: vulnerable when using Basic Authentication in a browser due to missing CSRF protections. Impact described as that an attacker could run malicious actions in the context of an authenticated user, with higher risk for admins who can access bash and pot...

9.3CVSS8.7AI score0.00593EPSS
CVE
CVE
added 2019/07/03 5:46 p.m.65 views

CVE-2019-6627

F5 SSL Orchestrator CVE-2019-6627 involves a race-condition in TMM that may restart the engine when SSL Forward Proxy enforces bypass on a transparent virtual server with SNAT enabled. Affected releases include 14.1.0 – 14.1.0.5; the advisory indicates fixes introduced in 14.1.0.6. Impact is traf...

5.9CVSS5.7AI score0.00805EPSS
CVE
CVE
added 2021/03/31 5:38 p.m.64 views

CVE-2021-23001

CVE-2021-23001 affects BIG-IP Advanced WAF/ASM; an authenticated user can upload files via an undisclosed iControl REST endpoint, potentially exhausting disk space or enabling later attacks. Affected versions include 16.0.0–16.0.1, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x. Remediation: upgrade ...

4.3CVSS5AI score0.00572EPSS
CVE
CVE
added 2020/08/26 2:31 p.m.63 views

CVE-2020-5912

CVE-2020-5912 affects F5 BIG-IP restjavad dump command. A locally authenticated attacker may overwrite arbitrary files in several BIG-IP releases. Affected: BIG-IP 11.6.1–11.6.5.1, 12.1.0–12.1.5.1, 13.1.0–13.1.3.3, 14.1.0–14.1.2.3, 15.0.0–15.0.1.3, 15.1.0–15.1.0.4. Remediation: upgrade to non‑vul...

7.1CVSS7AI score0.00321EPSS
CVE
CVE
added 2020/08/26 2:25 p.m.57 views

CVE-2020-5916

CVE-2020-5916 affects F5 BIG-IP: certificates admin and higher privileged roles can read arbitrary files outside the web root via the BIG-IP Configuration utility. Affects BIG-IP versions 15.1.0–15.1.0.4 and 15.0.0–15.0.1. The root cause is improper enforcement of file read permissions in the Con...

6.8CVSS6.6AI score0.00533EPSS
CVE
CVE
added 2020/10/29 1:29 p.m.57 views

CVE-2020-5938

The CVE concerns F5 BIG-IP IPsec negotiation where, during tunnel setup with authenticated peers, the peer may agree on a key length outside the BIG-IP‑configured policy. Affected BIG‑IP versions: 11.6.1–11.6.5.2, 12.1.0–12.1.5.x, and 13.1.0–13.1.3.4. The vulnerability can lead to weaker-than-con...

6.5CVSS6.4AI score0.00523EPSS
CVE
CVE
added 2019/11/27 9:0 p.m.55 views

CVE-2019-6674

The CVE affects F5 SSL Orchestrator’s Traffic Management Microkernel (TMM) and may crash when processing SSLO data in a service-chaining configuration. Affected versions are 15.0.0–15.0.1 and 14.0.0–14.1.2; remediation is to upgrade to fixed releases: 15.1.0 for 15.x and 14.1.2.1 for 14.x. Docume...

7.5CVSS7.5AI score0.01044EPSS
CVE
CVE
added 2017/04/06 2:0 p.m.53 views

CVE-2017-6130

CVE-2017-6130 affects F5 SSL Intercept iApp 1.5.0–1.5.7 and SSL Orchestrator 2.0 when deployed with SNAT Automap and Dynamic Domain Bypass (DDB). The root cause is Server-Side Request Forgery (SSRF) allowing remote attacker to abuse egress routing, with CVSS v3.0 base score 7.3 (from F5 advisory)...

7.4CVSS7.4AI score0.01147EPSS