CVSS: 7.2EPSS: 0%CPEs: 79EXPL: 0CVE-2018-5523
https://notcve.org/view.php?id=CVE-2018-5523
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. En F5 BIG-IP, de la versión 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 y Enterprise Manager 3.1.1, cuando los usuarios administrativos autenticados ejecutan comandos en el TMUI (Traffic Management User Interface), también llamado utilidad BIG-IP Configuration, podrían no aplicarse las restricciones sobre los comandos permitidos. • http://www.securitytracker.com/id/1041022 http://www.securitytracker.com/id/1041023 https://support.f5.com/csp/article/K50254952 •
CVSS: 5.3EPSS: 0%CPEs: 78EXPL: 0CVE-2017-6153
https://notcve.org/view.php?id=CVE-2017-6153
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. Las características en el sistema F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 que emplean directamente la funcionalidad inflate, mediante un iRule o mediante el código inflate del módulo PEM están sujetos a una interrupción del servicio mediante un ataque de "Zip Bomb". • http://www.securitytracker.com/id/1041024 https://support.f5.com/csp/article/K52167636 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-5513
https://notcve.org/view.php?id=CVE-2018-5513
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. En F5 BIG-IP, 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o en la versión 11.2.1, un handshake TLS mal formado hace que TMM se cierre inesperadamente, lo que conduce a una interrupción del servicio. Este problema solo se expone en el plano de datos cuando la configuración Proxy SSL está habilitada. • http://www.securitytracker.com/id/1041017 https://support.f5.com/csp/article/K46940010 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-5512
https://notcve.org/view.php?id=CVE-2018-5512
On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart. En F5 BIG-IP 13.1.0-13.1.0.5, cuando las cookies Large Receive Offload (LRO) y SYN están habilitadas (configuración por defecto), los patrones de tráfico no revelados pueden hacer que TMM se reinicie. • http://www.securityfocus.com/bid/104095 http://www.securitytracker.com/id/1040801 https://support.f5.com/csp/article/K51754851 •
CVSS: 5.4EPSS: 0%CPEs: 26EXPL: 0CVE-2018-5518
https://notcve.org/view.php?id=CVE-2018-5518
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. • http://www.securitytracker.com/id/1040797 https://support.f5.com/csp/article/K03165684 •