CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22281 – BIG-IP AFM vulnerability
https://notcve.org/view.php?id=CVE-2023-22281
01 Feb 2023 — On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K46048342 • CWE-908: Use of Uninitialized Resource •
CVSS: 8.7EPSS: 93%CPEs: 51EXPL: 2CVE-2022-41800 – Appliance mode iControl REST vulnerability
https://notcve.org/view.php?id=CVE-2022-41800
24 Nov 2022 — In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones de BIG-IP, cuando se ejecuta en modo Dispositivo, un usuario autenticado al que se le haya asignado la funci... • https://packetstorm.news/files/id/170008 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 81%CPEs: 57EXPL: 3CVE-2022-41622 – iControl SOAP vulnerability
https://notcve.org/view.php?id=CVE-2022-41622
21 Nov 2022 — In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones, BIG-IP y BIG-IQ son vulnerables a ataques de Cross-Site Request Forgery (CSRF) a través de iControl SOAP. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://packetstorm.news/files/id/170847 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.7EPSS: 0%CPEs: 76EXPL: 0CVE-2022-41983 – BIG-IP TMM Vulnerability CVE-2022-41983
https://notcve.org/view.php?id=CVE-2022-41983
19 Oct 2022 — On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. En plataformas de hardware específicas, En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1 y todas las versiones de la 13.1.x, mi... • https://support.f5.com/csp/article/K31523465 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41832 – BIG-IP SIP vulnerability CVE-2022-41832
https://notcve.org/view.php?id=CVE-2022-41832
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es configurado un perfil SIP en un servidor virtual, los mensa... • https://support.f5.com/csp/article/K10347453 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-41813 – BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813
https://notcve.org/view.php?id=CVE-2022-41813
19 Oct 2022 — In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate. En versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5 y todas las versiones 13.1.x, cuando BIG-IP es aprovisionado con el módulo PEM o AFM, una entrada no revelada puede causar la terminación del Traffic Management Microker... • https://support.f5.com/csp/article/K93723284 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41806 – BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806
https://notcve.org/view.php?id=CVE-2022-41806
19 Oct 2022 — In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. En versiones 16.1.x anteriores a 16.1.3.2 y 15.1.x anteriores a 15.1.5.1, cuando es configurada la política de traducción de direcciones de red de BIG-IP AFM con reglas de traducción IPv6/IPv4 en un servidor virtual, las peticiones no reveladas pueden cau... • https://support.f5.com/csp/article/K00721320 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 57EXPL: 0CVE-2022-41770 – BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770
https://notcve.org/view.php?id=CVE-2022-41770
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1, y todas las versiones de la 13.1.x, y en BIG-IQ todas las versiones de la 8.x... • https://support.f5.com/csp/article/K22505850 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 0CVE-2022-41694 – BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694
https://notcve.org/view.php?id=CVE-2022-41694
19 Oct 2022 — In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. En BIG-IP versiones 16.1.x anteriores a 16.1.3, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5 y todas las versiones de la 13.1.x, y en las versiones de BIG-IQ 8.x anteriores a 8.2.0.1 y todas las versiones de la 7.x, ... • https://support.f5.com/csp/article/K64829234 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41624 – BIG-IP iRules vulnerability CVE-2022-41624
https://notcve.org/view.php?id=CVE-2022-41624
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.2, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.2 y 13.1.x anteriores a 13.1.5.1, cuando es configurada una iRule de banda lateral en un servidor virtual... • https://support.f5.com/csp/article/K43024307 • CWE-401: Missing Release of Memory after Effective Lifetime •