CVSS: 8.7EPSS: 92%CPEs: 51EXPL: 2CVE-2022-41800 – Appliance mode iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2022-41800
24 Nov 2022 — In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de BIG-IP, cuando se ejecuta en modo Dispositivo, un usuario autenticado al que se le haya asignado la funci... • https://packetstorm.news/files/id/170008 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 81%CPEs: 57EXPL: 3CVE-2022-41622 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2022-41622
21 Nov 2022 — In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones, BIG-IP y BIG-IQ son vulnerables a ataques de Cross-Site Request Forgery (CSRF) a través de iControl SOAP. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://packetstorm.news/files/id/170847 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41832 – BIG-IP SIP vulnerability CVE-2022-41832
https://notcve.org/view.php?id=CVE-2022-41832
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es configurado un perfil SIP en un servidor virtual, los mensa... • https://support.f5.com/csp/article/K10347453 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 57EXPL: 0CVE-2022-41770 – BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770
https://notcve.org/view.php?id=CVE-2022-41770
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1, y todas las versiones de la 13.1.x, y en BIG-IQ todas las versiones de la 8.x... • https://support.f5.com/csp/article/K22505850 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41624 – BIG-IP iRules vulnerability CVE-2022-41624
https://notcve.org/view.php?id=CVE-2022-41624
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.2, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.2 y 13.1.x anteriores a 13.1.5.1, cuando es configurada una iRule de banda lateral en un servidor virtual... • https://support.f5.com/csp/article/K43024307 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2022-36795 – BIG-IP software SYN cookies vulnerability CVE-2022-36795
https://notcve.org/view.php?id=CVE-2022-36795
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7 y 14.1.x anteriores a 14.1.5.1, cuando es configurado un perfil LTM TCP con la Ventana de Recepción Auto... • https://support.f5.com/csp/article/K52494562 • CWE-682: Incorrect Calculation •
CVSS: 10.0EPSS: 0%CPEs: 59EXPL: 0CVE-2022-35728 – iControl REST vulnerability CVE-2022-35728
https://notcve.org/view.php?id=CVE-2022-35728
04 Aug 2022 — In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1... • https://support.f5.com/csp/article/K55580033 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-35272 – BIG-IP HTTP MRF vulnerability CVE-2022-35272
https://notcve.org/view.php?id=CVE-2022-35272
04 Aug 2022 — In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1 y 16.1.x anteriores a 16.1.3.1, cuando es configurado source-port ... • https://support.f5.com/csp/article/K90024104 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.8EPSS: 0%CPEs: 56EXPL: 0CVE-2022-34851 – BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851
https://notcve.org/view.php?id=CVE-2022-34851
04 Aug 2022 — In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x a... • https://support.f5.com/csp/article/K50310001 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 55EXPL: 0CVE-2022-33968 – BIG-IP LTM and APM NTLM vulnerability CVE-2022-33968
https://notcve.org/view.php?id=CVE-2022-33968
04 Aug 2022 — In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x ant... • https://support.f5.com/csp/article/K23465404 • CWE-125: Out-of-bounds Read •