CVSS: 6.4EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22418 – BIG-IP APM virtual server vulnerability
https://notcve.org/view.php?id=CVE-2023-22418
01 Feb 2023 — On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K95503300 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.5EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22374 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2023-22374
01 Feb 2023 — A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de cadena de formato en iControl SOAP que permite a un atacante autenticado bloquear el proceso CGI... • https://my.f5.com/manage/s/article/K000130415 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22358 – BIG-IP Edge Client for Windows vulnerability
https://notcve.org/view.php?id=CVE-2023-22358
01 Feb 2023 — In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K76964818 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22340 – BIG-IP SIP profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22340
01 Feb 2023 — On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K34525368 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22326 – iControl REST and tmsh vulnerability
https://notcve.org/view.php?id=CVE-2023-22326
01 Feb 2023 — In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not e... • https://my.f5.com/manage/s/article/K83284425 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2023-22323 – BIG-IP SSL OCSP Authentication profile vulnerability
https://notcve.org/view.php?id=CVE-2023-22323
01 Feb 2023 — In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K56412001 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22283 – BIG-IP Edge Client for Windows vulnerability
https://notcve.org/view.php?id=CVE-2023-22283
01 Feb 2023 — On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K07143733 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.7EPSS: 93%CPEs: 51EXPL: 2CVE-2022-41800 – Appliance mode iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2022-41800
24 Nov 2022 — In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de BIG-IP, cuando se ejecuta en modo Dispositivo, un usuario autenticado al que se le haya asignado la funci... • https://packetstorm.news/files/id/170008 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 49%CPEs: 57EXPL: 3CVE-2022-41622 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2022-41622
21 Nov 2022 — In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones, BIG-IP y BIG-IQ son vulnerables a ataques de Cross-Site Request Forgery (CSRF) a través de iControl SOAP. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://packetstorm.news/files/id/170847 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.7EPSS: 0%CPEs: 76EXPL: 0CVE-2022-41983 – BIG-IP TMM Vulnerability CVE-2022-41983
https://notcve.org/view.php?id=CVE-2022-41983
19 Oct 2022 — On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. En plataformas de hardware específicas, En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1 y todas las versiones de la 13.1.x, mi... • https://support.f5.com/csp/article/K31523465 • CWE-319: Cleartext Transmission of Sensitive Information •