CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2023-22842 – BIG-IP SIP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22842
01 Feb 2023 — On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K08182564 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22418 – BIG-IP APM virtual server vulnerability
https://notcve.org/view.php?id=CVE-2023-22418
01 Feb 2023 — On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K95503300 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.5EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22374 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2023-22374
01 Feb 2023 — A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de cadena de formato en iControl SOAP que permite a un atacante autenticado bloquear el proceso CGI... • https://my.f5.com/manage/s/article/K000130415 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22340 – BIG-IP SIP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22340
01 Feb 2023 — On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K34525368 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22326 – iControl REST and tmsh vulnerability
https://notcve.org/view.php?id=CVE-2023-22326
01 Feb 2023 — In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not e... • https://my.f5.com/manage/s/article/K83284425 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22323 – BIG-IP SSL OCSP Authentication profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22323
01 Feb 2023 — In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K56412001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 93%CPEs: 51EXPL: 2CVE-2022-41800 – Appliance mode iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2022-41800
24 Nov 2022 — In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de BIG-IP, cuando se ejecuta en modo Dispositivo, un usuario autenticado al que se le haya asignado la funci... • https://packetstorm.news/files/id/170008 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 49%CPEs: 57EXPL: 3CVE-2022-41622 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2022-41622
21 Nov 2022 — In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones, BIG-IP y BIG-IQ son vulnerables a ataques de Cross-Site Request Forgery (CSRF) a través de iControl SOAP. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://packetstorm.news/files/id/170847 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.7EPSS: 0%CPEs: 76EXPL: 0CVE-2022-41983 – BIG-IP TMM Vulnerability CVE-2022-41983
https://notcve.org/view.php?id=CVE-2022-41983
19 Oct 2022 — On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. En plataformas de hardware específicas, En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1 y todas las versiones de la 13.1.x, mi... • https://support.f5.com/csp/article/K31523465 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41832 – BIG-IP SIP vulnerability CVE-2022-41832
https://notcve.org/view.php?id=CVE-2022-41832
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es configurado un perfil SIP en un servidor virtual, los mensa... • https://support.f5.com/csp/article/K10347453 • CWE-401: Missing Release of Memory after Effective Lifetime •