CVSS: 6.4EPSS: 0%CPEs: 52EXPL: 0CVE-2017-6156
https://notcve.org/view.php?id=CVE-2017-6156
13 Apr 2018 — When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration. Cuando el sistema F5 BIG-IP, d... • https://support.f5.com/csp/article/K05263202 •
CVSS: 5.9EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5501
https://notcve.org/view.php?id=CVE-2018-5501
01 Mar 2018 — In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. En algunas circunstancias, en sistemas F5 BIG-IP que ejecutan 13.0.0, 12.1.0 - 12.1.3.1, cualquier versión 11.6.x o 11.5.x o 11.2.1, el perfil TCP DNS permite el buffering excesivo debido a la falta de control de flujo. • http://www.securityfocus.com/bid/103211 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 39EXPL: 0CVE-2018-5500
https://notcve.org/view.php?id=CVE-2018-5500
01 Mar 2018 — On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue. En sistemas F5 BIG-IP que ejecutan las versiones 13.0.0, 12.1.0 - 12.1.3.1 o 11.6.1 - 11.6.2, cada conexión Multipath TCP (MCTCP) que se establece filtra una pequeña cantidad de memoria. Los servidores virtuales que emplean el perfil TCP con la ... • http://www.securityfocus.com/bid/103217 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 104EXPL: 0CVE-2017-6164
https://notcve.org/view.php?id=CVE-2017-6164
21 Dec 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ... • http://www.securitytracker.com/id/1040054 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 109EXPL: 0CVE-2017-6161
https://notcve.org/view.php?id=CVE-2017-6161
27 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, A... • http://www.securityfocus.com/bid/101636 • CWE-400: Uncontrolled Resource Consumption •