Page 15 of 231 results (0.029 seconds)

CVSS: 10.0EPSS: 97%CPEs: 84EXPL: 50

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. En BIG-IP versiones 15.0.0 hasta 15.1.0.3, 14.1.0 hasta 14.1.2.5, 13.1.0 hasta 13.1.3.3, 12.1.0 hasta 12.1.5.1 y 11.6.1 hasta 11.6.5.1, el Traffic Management User Interface (TMUI), también se conoce como la utilidad de Configuración, presenta una vulnerabilidad de Ejecución de Código Remota (RCE) en páginas no reveladas BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities. F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. • https://github.com/MrCl0wnLab/checker-CVE-2020-5902 https://www.exploit-db.com/exploits/48711 https://www.exploit-db.com/exploits/48642 https://www.exploit-db.com/exploits/48643 https://github.com/jas502n/CVE-2020-5902 https://github.com/yassineaboukir/CVE-2020-5902 https://github.com/aqhmal/CVE-2020-5902-Scanner https://github.com/yasserjanah/CVE-2020-5902 https://github.com/dunderhay/CVE-2020-5902 https://github.com/nsflabs/CVE-2020-5902 https://github.com/zhzyke • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. En versiones 7.1.5 hasta 7.1.9, el controlador BIG-IP Edge Client Windows Stonewall, no sanea el puntero recibido desde el userland. Un usuario local en el sistema cliente de Windows puede enviar peticiones DeviceIoControl hacia el dispositivo \\. • https://support.f5.com/csp/article/K69154630 •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. En versiones 7.1.5-7.1.9, la carpeta temporal del Windows Installer Service de BIG-IP Edge Client, presenta permisos débiles de archivo y carpeta. • https://support.f5.com/csp/article/K15478554 • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. En versiones 7.1.5 hasta 7.1.9, se presenta una vulnerabilidad de uso de la memoria previamente liberada en el componente BIG-IP Edge Client Windows ActiveX. • https://support.f5.com/csp/article/K20346072 • CWE-416: Use After Free •

CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory. En las versiones 7.1.5 hasta 7.1.8, los componentes de BIG-IP Edge Client en BIG-IP APM, Edge Gateway y FirePass legacy, permiten a atacantes obtener el ID de sesión completo desde la memoria de proceso. • https://support.f5.com/csp/article/K15838353 •