VYPR

Big IP

by F5, Inc.

CVEs (626)

  • CVE-2023-41253 (Oct 10, 2023)
    risk 0.00 | cvss | epss 0.00

    When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-41085 (Oct 10, 2023)
    risk 0.00 | cvss | epss 0.01

    When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-40542 (Oct 10, 2023)
    risk 0.00 | cvss | epss 0.01

    When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-40537 (Oct 10, 2023)
    risk 0.00 | cvss | epss 0.00

    An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-40534 (Oct 10, 2023)
    risk 0.00 | cvss | epss 0.01

    When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions…

  • CVE-2023-39447 (Oct 10, 2023)
    risk 0.00 | cvss | epss 0.00

    When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in the restnoded log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-43125 (Sep 27, 2023)
    risk 0.00 | cvss | epss 0.00

    BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-43124 (Sep 27, 2023)
    risk 0.00 | cvss | epss 0.00

    BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-38423 (Aug 2, 2023)
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS)…

  • CVE-2023-38419 (Aug 2, 2023)
    risk 0.00 | cvss | epss 0.00

    An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-38138 (Aug 2, 2023)
    risk 0.00 | cvss | epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical…

  • CVE-2023-3470 (Aug 2, 2023)
    risk 0.00 | cvss | epss 0.00

    Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account.  The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS…

  • CVE-2023-29240 (May 3, 2023)
    risk 0.00 | cvss | epss 0.00

    An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-29163 (May 3, 2023)
    risk 0.00 | cvss | epss 0.01

    When a UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-28742 (May 3, 2023)
    risk 0.00 | cvss | epss 0.01

    When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2023-28406 (May 3, 2023)
    risk 0.00 | cvss | epss 0.01

    A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is…

  • CVE-2023-27378 (May 3, 2023)
    risk 0.00 | cvss | epss 0.00

    Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical…

  • CVE-2023-22842 (Feb 1, 2023)
    risk 0.00 | cvss | epss 0.01

    On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. …

  • CVE-2023-22839 (Feb 1, 2023)
    risk 0.00 | cvss | epss 0.01

    On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled,…

  • CVE-2023-22664 (Feb 1, 2023)
    risk 0.00 | cvss | epss 0.01

    On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource…
