Big IP
by F5, Inc.
CVEs (626)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41253 | 0.00 | — | 0.00 | Oct 10, 2023 | When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-41085 | 0.00 | — | 0.01 | Oct 10, 2023 | When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-40542 | 0.00 | — | 0.01 | Oct 10, 2023 | When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||
| CVE-2023-40537 | 0.00 | — | 0.00 | Oct 10, 2023 | An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-40534 | 0.00 | — | 0.01 | Oct 10, 2023 | When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions… | |||
| CVE-2023-39447 | 0.00 | — | 0.00 | Oct 10, 2023 | When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-43125 | 0.00 | — | 0.00 | Sep 27, 2023 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||
| CVE-2023-43124 | 0.00 | — | 0.00 | Sep 27, 2023 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||
| CVE-2023-38423 | 0.00 | — | 0.00 | Aug 2, 2023 | A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS)… | |||
| CVE-2023-38419 | 0.00 | — | 0.00 | Aug 2, 2023 | An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-38138 | 0.00 | — | 0.00 | Aug 2, 2023 | A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical… | |||
| CVE-2023-3470 | 0.00 | — | 0.00 | Aug 2, 2023 | Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS… | |||
| CVE-2023-29240 | 0.00 | — | 0.00 | May 3, 2023 | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-29163 | 0.00 | — | 0.01 | May 3, 2023 | When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-28742 | 0.00 | — | 0.01 | May 3, 2023 | When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||
| CVE-2023-28406 | 0.00 | — | 0.01 | May 3, 2023 | A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is… | |||
| CVE-2023-27378 | 0.00 | — | 0.00 | May 3, 2023 | Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical… | |||
| CVE-2023-22842 | 0.00 | — | 0.01 | Feb 1, 2023 | On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. … | |||
| CVE-2023-22839 | 0.00 | — | 0.01 | Feb 1, 2023 | On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled,… | |||
| CVE-2023-22664 | 0.00 | — | 0.01 | Feb 1, 2023 | On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource… |
- CVE-2023-41253Oct 10, 2023risk 0.00cvss —epss 0.00
When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-41085Oct 10, 2023risk 0.00cvss —epss 0.01
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-40542Oct 10, 2023risk 0.00cvss —epss 0.01
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
- CVE-2023-40537Oct 10, 2023risk 0.00cvss —epss 0.00
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-40534Oct 10, 2023risk 0.00cvss —epss 0.01
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions…
- CVE-2023-39447Oct 10, 2023risk 0.00cvss —epss 0.00
When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-43125Sep 27, 2023risk 0.00cvss —epss 0.00
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
- CVE-2023-43124Sep 27, 2023risk 0.00cvss —epss 0.00
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
- CVE-2023-38423Aug 2, 2023risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS)…
- CVE-2023-38419Aug 2, 2023risk 0.00cvss —epss 0.00
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-38138Aug 2, 2023risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical…
- CVE-2023-3470Aug 2, 2023risk 0.00cvss —epss 0.00
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS…
- CVE-2023-29240May 3, 2023risk 0.00cvss —epss 0.00
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-29163May 3, 2023risk 0.00cvss —epss 0.01
When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-28742May 3, 2023risk 0.00cvss —epss 0.01
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2023-28406May 3, 2023risk 0.00cvss —epss 0.01
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is…
- CVE-2023-27378May 3, 2023risk 0.00cvss —epss 0.00
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical…
- CVE-2023-22842Feb 1, 2023risk 0.00cvss —epss 0.01
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. …
- CVE-2023-22839Feb 1, 2023risk 0.00cvss —epss 0.01
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled,…
- CVE-2023-22664Feb 1, 2023risk 0.00cvss —epss 0.01
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource…
Page 13 of 32