CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41832 – BIG-IP SIP vulnerability CVE-2022-41832
https://notcve.org/view.php?id=CVE-2022-41832
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es configurado un perfil SIP en un servidor virtual, los mensa... • https://support.f5.com/csp/article/K10347453 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-41813 – BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813
https://notcve.org/view.php?id=CVE-2022-41813
19 Oct 2022 — In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate. En versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5 y todas las versiones 13.1.x, cuando BIG-IP es aprovisionado con el módulo PEM o AFM, una entrada no revelada puede causar la terminación del Traffic Management Microker... • https://support.f5.com/csp/article/K93723284 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 57EXPL: 0CVE-2022-41770 – BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770
https://notcve.org/view.php?id=CVE-2022-41770
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1, y todas las versiones de la 13.1.x, y en BIG-IQ todas las versiones de la 8.x... • https://support.f5.com/csp/article/K22505850 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 0CVE-2022-41694 – BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694
https://notcve.org/view.php?id=CVE-2022-41694
19 Oct 2022 — In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. En BIG-IP versiones 16.1.x anteriores a 16.1.3, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5 y todas las versiones de la 13.1.x, y en las versiones de BIG-IQ 8.x anteriores a 8.2.0.1 y todas las versiones de la 7.x, ... • https://support.f5.com/csp/article/K64829234 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41624 – BIG-IP iRules vulnerability CVE-2022-41624
https://notcve.org/view.php?id=CVE-2022-41624
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.2, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.2 y 13.1.x anteriores a 13.1.5.1, cuando es configurada una iRule de banda lateral en un servidor virtual... • https://support.f5.com/csp/article/K43024307 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2022-35735 – BIG-IP monitor configuration vulnerability CVE-2022-35735
https://notcve.org/view.php?id=CVE-2022-35735
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x a... • https://support.f5.com/csp/article/K13213418 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 59EXPL: 0CVE-2022-35728 – iControl REST vulnerability CVE-2022-35728
https://notcve.org/view.php?id=CVE-2022-35728
04 Aug 2022 — In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1... • https://support.f5.com/csp/article/K55580033 • CWE-613: Insufficient Session Expiration •
CVSS: 9.1EPSS: 0%CPEs: 44EXPL: 0CVE-2022-35243 – Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
https://notcve.org/view.php?id=CVE-2022-35243
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.3,... • https://support.f5.com/csp/article/K11010341 • CWE-269: Improper Privilege Management •
CVSS: 9.4EPSS: 0%CPEs: 33EXPL: 0CVE-2022-34865 – Traffic intelligence feeds vulnerability CVE-2022-34865
https://notcve.org/view.php?id=CVE-2022-34865
04 Aug 2022 — In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5, y todas las versiones de 13.1.x, las alimentaciones de Inteligencia de Tráfico, que usan HTTPS, no verifican la identid... • https://support.f5.com/csp/article/K25046752 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 1CVE-2022-34862 – TMM vulnerability CVE-2022-34862
https://notcve.org/view.php?id=CVE-2022-34862
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5, y todas las versiones de 13.1.x, cuando ... • https://support.f5.com/csp/article/K66510514 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •