CVSS: 10.0EPSS: 89%CPEs: 1EXPL: 1CVE-2024-21793 – BIG-IP Central Manager OData Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-21793
08 May 2024 — An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de inyección de OData en la API (URI) del Administrador Central de BIG-IP Next. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://github.com/FeatherStark/CVE-2024-21793 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33612 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-33612
08 May 2024 — An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de validación de certificados incorrecta en BIG-IP Next Central Manager y puede permitir que un atacante se haga pasar por un sistema de pr... • https://my.f5.com/manage/s/article/K000139012 • CWE-295: Improper Certificate Validation •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28132 – BIG-IP NEXT CNF vulnerability
https://notcve.org/view.php?id=CVE-2024-28132
08 May 2024 — Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de exposición de información confidencial en el contenedor GSLB, que puede permitir que un atacante autenticado con acceso local vea información confidencial. Nota: Las versiones de software que han llegado al final del sop... • https://my.f5.com/manage/s/article/K000138913 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32049 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-32049
08 May 2024 — BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Next Central Manager (CM) puede permitir que un atacante remoto no autenticado obtenga las credenciales de la instancia BIG-IP Next LTM/WAF. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138634 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25560 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2024-25560
08 May 2024 — When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se otorga licencia y aprovisionamiento de BIG-IP AFM, el tráfico DNS no divulgado puede provocar la finalización del Microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000139037 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23306 – BIG-IP Next CNF & SPK vulnerability
https://notcve.org/view.php?id=CVE-2024-23306
14 Feb 2024 — A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Existe una vulnerabilidad en los sistemas BIG-IP Next CNF y SPK que puede permitir el acceso a archivos confidenciales no divulgados. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000137886 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23314 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2024-23314
14 Feb 2024 — When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Cuando HTTP/2 está configurado en sistemas BIG-IP o BIG-IP Next SPK, las respuestas no reveladas pueden provocar la finalización del Microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se eval... • https://my.f5.com/manage/s/article/K000137675 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 1CVE-2023-45886
https://notcve.org/view.php?id=CVE-2023-45886
21 Nov 2023 — The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute. BGP daemon (bgpd) en IP Infusion ZebOS hasta 7.10.6 permite a atacantes remotos provocar una Denegación de Servicio enviando mensajes de actualización de BGP manipulados que contienen un atributo con formato incorrecto. • https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45226 – BIG-IP Next SPK SSH vulnerability
https://notcve.org/view.php?id=CVE-2023-45226
10 Oct 2023 — The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Los contenedores BIG-IP SPK TMM (Módulo de gestión de tráfico) f5-debug-sidecar y f5-debug-sshd contienen creden... • https://my.f5.com/manage/s/article/K000135874 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2023-40534 – BIG-IP HTTP/2 vulnerability
https://notcve.org/view.php?id=CVE-2023-40534
10 Oct 2023 — When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando un perfil HTTP/2 del lado del cliente y la opción HTTP MRF Router están habilitadas para un servidor virtual, y una iRule que utiliza el evento HTTP_REQUEST ... • https://my.f5.com/manage/s/article/K000133467 • CWE-401: Missing Release of Memory after Effective Lifetime •