CVSS: 4.4EPSS: 0%CPEs: 76EXPL: 0CVE-2023-45219 – BIG-IP tmsh vulnerability
https://notcve.org/view.php?id=CVE-2023-45219
10 Oct 2023 — Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. La vulnerabilidad de exposición a información confidencial existe en un comando de BIG-IP TMOS shell (tmsh) no divulgado que puede permitir que un atacante autenticado con privilegios de administr... • https://my.f5.com/manage/s/article/K20307245 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 54EXPL: 0CVE-2023-43746 – BIG-IP Appliance mode external monitor vulnerability
https://notcve.org/view.php?id=CVE-2023-43746
10 Oct 2023 — When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se ejecuta en modo Appliance, un usuario autenticado al que se le haya asignado la función de Administrator puede evitar las restricciones del mod... • https://my.f5.com/manage/s/article/K41072952 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2023-43611 – BIG-IP Edge Client for macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-43611
10 Oct 2023 — The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated El instalador del cliente BIG-IP Edge en macOS no sigue las mejores prácticas para elevar los privilegios durante el proceso de instalación. Esta vulnerabilidad se debe a una solución incompleta para CVE-2023-38418. Nota:... • https://my.f5.com/manage/s/article/K000136185 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 74EXPL: 0CVE-2023-43485 – BIGIP and BIG-IQ TACACS+ audit log Vulnerability
https://notcve.org/view.php?id=CVE-2023-43485
10 Oct 2023 — When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando el reenvío de auditoría TACACS+ está configurado en el sistema BIG-IP o BIG-IQ, el secreto compartido se registra en texto plano en el audit log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K06110200 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.3EPSS: 0%CPEs: 76EXPL: 0CVE-2023-42768 – BIG-IP iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2023-42768
10 Oct 2023 — When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando a un usuario no administrador se le ha asignado una función de administrador a través de una solicitud iControl REST PUT ... • https://my.f5.com/manage/s/article/K26910459 • CWE-613: Insufficient Session Expiration •
CVSS: 6.8EPSS: 0%CPEs: 77EXPL: 0CVE-2023-41964 – BIG-IP and BIG-IQ Database Variable vulnerability
https://notcve.org/view.php?id=CVE-2023-41964
10 Oct 2023 — The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Los sistemas BIG-IP y BIG-IQ no cifran cierta información confidencial escrita en las variables de la Base de Datos (DB). Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K20850144 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.9EPSS: 0%CPEs: 90EXPL: 0CVE-2023-41373 – BIG-IP Configuration Utility vulnerability
https://notcve.org/view.php?id=CVE-2023-41373
10 Oct 2023 — A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de directory traversal en la utilidad de configuración BIG-IP que puede permitir que un atacante autenticado ej... • https://my.f5.com/manage/s/article/K000135689 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-41085 – BIG-IP IPSEC vulnerability
https://notcve.org/view.php?id=CVE-2023-41085
10 Oct 2023 — When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se configura IPSec en un servidor virtual, el tráfico no divulgado puede provocar la finalización de TMM. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000132420 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-40542 – BIG-IP TCP Profile vulnerability
https://notcve.org/view.php?id=CVE-2023-40542
10 Oct 2023 — When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Cuando la aceptación verificada de TCP está habilitada en un perfil TCP configurado en un servidor virtual, las solicitudes no divulgadas pueden provocar un aumento en la utilización de recursos de memoria. Nota: Las versiones de software que han lleg... • https://my.f5.com/manage/s/article/K000134652 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 0CVE-2023-40537 – Multi-blade VIPRION Configuration utility session cookie vulnerability
https://notcve.org/view.php?id=CVE-2023-40537
10 Oct 2023 — An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. La cookie de sesión de un usuario autenticado puede permanecer válida por un tiempo limitado después de cerrar sesión en la utilidad de configuración BIG-IP en una plataforma VIPRION multiblade. Nota: Las versiones de software que han llegado al End of... • https://my.f5.com/manage/s/article/K29141800 • CWE-613: Insufficient Session Expiration •