CVE-2023-23552 – BIG-IP Advanced WAF and ASM vulnerability
https://notcve.org/view.php?id=CVE-2023-23552
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K17542533 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-41983 – BIG-IP TMM Vulnerability CVE-2022-41983
https://notcve.org/view.php?id=CVE-2022-41983
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. En plataformas de hardware específicas, En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.1 y todas las versiones de la 13.1.x, mientras es usado Intel QAT (QuickAssist Technology) y el cifrado AES-GCM/CCM, las condiciones no reveladas pueden causar que BIG-IP envíe datos sin cifrar incluso con un perfil SSL aplicado • https://support.f5.com/csp/article/K31523465 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2022-41691 – BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691
https://notcve.org/view.php?id=CVE-2022-41691
When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Cuando es configurada una política de seguridad BIG-IP Advanced WAF/ASM en un servidor virtual, las peticiones no reveladas pueden causar la finalización del proceso bd • https://support.f5.com/csp/article/K02694732 • CWE-763: Release of Invalid Pointer or Reference •
CVE-2022-41617 – BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617
https://notcve.org/view.php?id=CVE-2022-41617
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. En versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es aprovisionado el módulo Advanced WAF / ASM, se presenta una vulnerabilidad de ejecución de código remoto autenticado en la interfaz REST de BIG-IP iControl • https://support.f5.com/csp/article/K11830089 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-29491
https://notcve.org/view.php?id=CVE-2022-29491
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated En F5 BIG-IP LTM, Advanced WAF, ASM o APM versiones 16.1.x anteriores a 16.1.2.2, las versiones 15.1.x anteriores a 15.1.5, las versiones 14.1.x anteriores a 14.1.4.6 y todas las versiones de 13.1.x, 12.1.x y 11. 6.x, cuando un servidor virtual está configurado con HTTP, TCP en un lado (cliente/servidor), y DTLS en el otro (servidor/cliente), las peticiones no reveladas pueden causar la terminación del proceso TMM. Nota: Las versiones de software que han alcanzado el Fin de Soporte Técnico (EoTS) no son evaluadas • https://support.f5.com/csp/article/K14229426 • CWE-476: NULL Pointer Dereference •