Filtered by vendor F5
Subscriptions
Filtered by product Big-ip Domain Name System
Subscriptions
Total
372 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41373 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2023-10-17 | 9.9 Critical |
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-41085 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-10-17 | 7.5 High |
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-40542 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-10-17 | 7.5 High |
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
CVE-2023-41253 | 1 F5 | 2 Big-ip Domain Name System, Big-ip Local Traffic Manager | 2023-10-17 | 5.5 Medium |
When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-3470 | 1 F5 | 41 Big-ip 10200v-f, Big-ip 10200v-f Firmware, Big-ip 10350v-f and 38 more | 2023-10-13 | 6.1 Medium |
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-28406 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-10-05 | 4.3 Medium |
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-24594 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2023-10-05 | 5.3 Medium |
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-22374 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2023-10-04 | 8.5 High |
A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2020-5854 | 1 F5 | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2023-08-16 | 5.9 Medium |
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made. | ||||
CVE-2021-22991 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2023-08-08 | 9.8 Critical |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | ||||
CVE-2023-38419 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2023-08-07 | 4.3 Medium |
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-38138 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-08-07 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-38423 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-08-07 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-29163 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-05-10 | 7.5 High |
When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-28742 | 1 F5 | 1 Big-ip Domain Name System | 2023-05-10 | 8.8 High |
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-27378 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-05-10 | 6.1 Medium |
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2019-6633 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-02-16 | 4.4 Medium |
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mode, user accounts with Administrator and Resource Administrator roles can bypass Appliance mode restrictions. | ||||
CVE-2019-6600 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-02-16 | 6.1 Medium |
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients. | ||||
CVE-2019-6616 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-02-16 | 7.2 High |
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode. | ||||
CVE-2019-6617 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-02-16 | 6.5 Medium |
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access. This is contrary to our definition for the Resource Administrator (RA) role restrictions. |