CVSS: 5.9EPSS: 1%CPEs: 50EXPL: 0CVE-2017-6162
https://notcve.org/view.php?id=CVE-2017-6162
27 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the... • http://www.securityfocus.com/bid/101635 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 1%CPEs: 56EXPL: 0CVE-2017-6163
https://notcve.org/view.php?id=CVE-2017-6163
27 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exp... • http://www.securityfocus.com/bid/101606 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 92EXPL: 0CVE-2017-0303
https://notcve.org/view.php?id=CVE-2017-0303
27 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections... • http://www.securityfocus.com/bid/101612 • CWE-459: Incomplete Cleanup •
CVSS: 9.8EPSS: 2%CPEs: 111EXPL: 0CVE-2017-6165
https://notcve.org/view.php?id=CVE-2017-6165
20 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe 11.5.1 HF6 has... • http://www.securityfocus.com/bid/101543 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 136EXPL: 0CVE-2016-7469
https://notcve.org/view.php?id=CVE-2016-7469
09 Jun 2017 — A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. Una vulnerab... • http://www.securityfocus.com/bid/95320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 45EXPL: 0CVE-2017-6131
https://notcve.org/view.php?id=CVE-2017-6131
23 May 2017 — In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. En algunas circunstancias, una instancia de nube de Azure de F5 BIG-IP versiones 12.0.0... • http://www.securitytracker.com/id/1038569 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 134EXPL: 0CVE-2016-9250
https://notcve.org/view.php?id=CVE-2016-9250
10 May 2017 — In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. En F5 BIG-IP 11.2.1, 11.4.0 a 11.6.1 y 12.0.0 a 12.1.2, un usuario no autenticado con acceso al panel de control puede ser capaz de borrar archivos arbitrarios a través de un mecanismo no revelado. • https://support.f5.com/csp/article/K55792317 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 50EXPL: 0CVE-2017-6137
https://notcve.org/view.php?id=CVE-2017-6137
09 May 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. En LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator y WebSafe ... • http://www.securitytracker.com/id/1038409 •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2016-9251
https://notcve.org/view.php?id=CVE-2016-9251
09 May 2017 — In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. En F5 BIG-IP desde la versión 12.0.0 hasta la 12.1.2, un atacante autenticado puede causar una escalada de privilegios a través de una conexión iControl REST manipulada. • http://www.securitytracker.com/id/1038414 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2016-9256
https://notcve.org/view.php?id=CVE-2016-9256
09 May 2017 — In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change. En F5 BIG-IP desde la versión 12.1.0 hasta la 12.1.2, los permisos forzados por iControl pueden q... • http://www.securityfocus.com/bid/96464 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •