CVSS: 5.3EPSS: 0%CPEs: 58EXPL: 0CVE-2023-24594 – BIG-IP TMM SSL vulnerability
https://notcve.org/view.php?id=CVE-2023-24594
03 May 2023 — When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000133132 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2023-22842 – BIG-IP SIP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22842
01 Feb 2023 — On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K08182564 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-22664 – BIG-IP HTTP/2 profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22664
01 Feb 2023 — On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K56676554 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22422 – HTTP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22422
01 Feb 2023 — On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K43881487 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.4EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22418 – BIG-IP APM virtual server vulnerability
https://notcve.org/view.php?id=CVE-2023-22418
01 Feb 2023 — On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K95503300 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.5EPSS: 5%CPEs: 56EXPL: 0CVE-2023-22374 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2023-22374
01 Feb 2023 — A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de cadena de formato en iControl SOAP que permite a un atacante autenticado bloquear el proceso CGI... • https://my.f5.com/manage/s/article/K000130415 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22340 – BIG-IP SIP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22340
01 Feb 2023 — On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K34525368 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22326 – iControl REST and tmsh vulnerability
https://notcve.org/view.php?id=CVE-2023-22326
01 Feb 2023 — In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not e... • https://my.f5.com/manage/s/article/K83284425 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22323 – BIG-IP SSL OCSP Authentication profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22323
01 Feb 2023 — In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K56412001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 0%CPEs: 24EXPL: 0CVE-2023-22302 – BIG-IP HTTP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22302
01 Feb 2023 — In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K58550078 • CWE-772: Missing Release of Resource after Effective Lifetime •