CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22326 – iControl REST and tmsh vulnerability
https://notcve.org/view.php?id=CVE-2023-22326
01 Feb 2023 — In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not e... • https://my.f5.com/manage/s/article/K83284425 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22323 – BIG-IP SSL OCSP Authentication profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22323
01 Feb 2023 — In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K56412001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 93%CPEs: 51EXPL: 2CVE-2022-41800 – Appliance mode iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2022-41800
24 Nov 2022 — In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de BIG-IP, cuando se ejecuta en modo Dispositivo, un usuario autenticado al que se le haya asignado la funci... • https://packetstorm.news/files/id/170008 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 49%CPEs: 57EXPL: 3CVE-2022-41622 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2022-41622
21 Nov 2022 — In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones, BIG-IP y BIG-IQ son vulnerables a ataques de Cross-Site Request Forgery (CSRF) a través de iControl SOAP. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://packetstorm.news/files/id/170847 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.7EPSS: 0%CPEs: 76EXPL: 0CVE-2022-41983 – BIG-IP TMM Vulnerability CVE-2022-41983
https://notcve.org/view.php?id=CVE-2022-41983
19 Oct 2022 — On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. En plataformas de hardware específicas, En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1 y todas las versiones de la 13.1.x, mi... • https://support.f5.com/csp/article/K31523465 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-41833 – BIG-IP iRule vulnerability CVE-2022-41833
https://notcve.org/view.php?id=CVE-2022-41833
19 Oct 2022 — In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate. En todas las versiones de BIG-IP 13.1.x, cuando es configurada una iRule que contiene el comando HTTP::collect en un servidor virtual, las peticiones no reveladas pueden causar la terminación de Traffic Management Microkernel (TMM) • https://support.f5.com/csp/article/K69940053 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41832 – BIG-IP SIP vulnerability CVE-2022-41832
https://notcve.org/view.php?id=CVE-2022-41832
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es configurado un perfil SIP en un servidor virtual, los mensa... • https://support.f5.com/csp/article/K10347453 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 57EXPL: 0CVE-2022-41770 – BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770
https://notcve.org/view.php?id=CVE-2022-41770
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1, y todas las versiones de la 13.1.x, y en BIG-IQ todas las versiones de la 8.x... • https://support.f5.com/csp/article/K22505850 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 0CVE-2022-41694 – BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694
https://notcve.org/view.php?id=CVE-2022-41694
19 Oct 2022 — In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. En BIG-IP versiones 16.1.x anteriores a 16.1.3, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5 y todas las versiones de la 13.1.x, y en las versiones de BIG-IQ 8.x anteriores a 8.2.0.1 y todas las versiones de la 7.x, ... • https://support.f5.com/csp/article/K64829234 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41624 – BIG-IP iRules vulnerability CVE-2022-41624
https://notcve.org/view.php?id=CVE-2022-41624
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.2, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.2 y 13.1.x anteriores a 13.1.5.1, cuando es configurada una iRule de banda lateral en un servidor virtual... • https://support.f5.com/csp/article/K43024307 • CWE-401: Missing Release of Memory after Effective Lifetime •