VYPR

Big IP

by F5, Inc.

CVEs (626)

  • CVE-2020-5872Apr 30, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.4.1, when processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover…

  • CVE-2020-5871Apr 30, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is…

  • CVE-2020-5870Apr 24, 2020
    risk 0.00cvss epss 0.01

    In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.

  • CVE-2020-5869Apr 24, 2020
    risk 0.00cvss epss 0.00

    In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

  • CVE-2020-5868Apr 24, 2020
    risk 0.00cvss epss 0.02

    In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.

  • CVE-2020-5862Mar 27, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any…

  • CVE-2020-5861Mar 27, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors.

  • CVE-2020-5858Mar 27, 2020
    risk 0.00cvss epss 0.00

    On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands…

  • CVE-2020-5859Mar 27, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.

  • CVE-2020-5860Mar 27, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of…

  • CVE-2020-5854Feb 6, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.

  • CVE-2020-5856Feb 6, 2020
    risk 0.00cvss epss 0.01

    On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.

  • CVE-2020-5853Jan 14, 2020
    risk 0.00cvss epss 0.01

    In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.

  • CVE-2020-5852Jan 14, 2020
    risk 0.00cvss epss 0.01

    Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only…

  • CVE-2020-5851Jan 14, 2020
    risk 0.00cvss epss 0.00

    On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP…

  • CVE-2019-19151Dec 23, 2019
    risk 0.00cvss epss 0.00

    On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges…

  • CVE-2019-6688Dec 23, 2019
    risk 0.00cvss epss 0.01

    On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP…

  • CVE-2019-6687Dec 23, 2019
    risk 0.00cvss epss 0.00

    On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints.

  • CVE-2019-19150Dec 23, 2019
    risk 0.00cvss epss 0.01

    On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled.

  • CVE-2019-6685Dec 23, 2019
    risk 0.00cvss epss 0.00

    On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system…

Page 25 of 32