CVSS: 6.1EPSS: 0%CPEs: 44EXPL: 0CVE-2022-41694 – BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694
https://notcve.org/view.php?id=CVE-2022-41694
19 Oct 2022 — In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate. En BIG-IP versiones 16.1.x anteriores a 16.1.3, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5 y todas las versiones de la 13.1.x, y en las versiones de BIG-IQ 8.x anteriores a 8.2.0.1 y todas las versiones de la 7.x, ... • https://support.f5.com/csp/article/K64829234 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41691 – BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691
https://notcve.org/view.php?id=CVE-2022-41691
19 Oct 2022 — When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Cuando es configurada una política de seguridad BIG-IP Advanced WAF/ASM en un servidor virtual, las peticiones no reveladas pueden causar la finalización del proceso bd • https://support.f5.com/csp/article/K02694732 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 55EXPL: 0CVE-2022-41624 – BIG-IP iRules vulnerability CVE-2022-41624
https://notcve.org/view.php?id=CVE-2022-41624
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.2, 15.1.x anteriores a 15.1.7, 14.1.x anteriores a 14.1.5.2 y 13.1.x anteriores a 13.1.5.1, cuando es configurada una iRule de banda lateral en un servidor virtual... • https://support.f5.com/csp/article/K43024307 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.3EPSS: 2%CPEs: 8EXPL: 0CVE-2022-41617 – BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617
https://notcve.org/view.php?id=CVE-2022-41617
19 Oct 2022 — In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. En versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x anteriores a 14.1.5.1 y 13.1.x anteriores a 13.1.5.1, cuando es aprovisionado el módulo Advanced WAF / ASM, se presenta una vulnerabilidad de ejecución de código remoto a... • https://support.f5.com/csp/article/K11830089 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2022-36795 – BIG-IP software SYN cookies vulnerability CVE-2022-36795
https://notcve.org/view.php?id=CVE-2022-36795
19 Oct 2022 — In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.7 y 14.1.x anteriores a 14.1.5.1, cuando es configurado un perfil LTM TCP con la Ventana de Recepción Auto... • https://support.f5.com/csp/article/K52494562 • CWE-682: Incorrect Calculation •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2022-35735 – BIG-IP monitor configuration vulnerability CVE-2022-35735
https://notcve.org/view.php?id=CVE-2022-35735
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.3.1, 15.1.x anteriores a 15.1.6.1, 14.1.x a... • https://support.f5.com/csp/article/K13213418 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 59EXPL: 0CVE-2022-35728 – iControl REST vulnerability CVE-2022-35728
https://notcve.org/view.php?id=CVE-2022-35728
04 Aug 2022 — In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1, 16.1.x anteriores a 16.1.3.1, 15.1... • https://support.f5.com/csp/article/K55580033 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-35272 – BIG-IP HTTP MRF vulnerability CVE-2022-35272
https://notcve.org/view.php?id=CVE-2022-35272
04 Aug 2022 — In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 17.0.x anteriores a 17.0.0.1 y 16.1.x anteriores a 16.1.3.1, cuando es configurado source-port ... • https://support.f5.com/csp/article/K90024104 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.1EPSS: 0%CPEs: 44EXPL: 0CVE-2022-35243 – Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
https://notcve.org/view.php?id=CVE-2022-35243
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En BIG-IP versiones 16.1.x anteriores a 16.1.3,... • https://support.f5.com/csp/article/K11010341 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 0CVE-2022-35240 – BIG-IP Message Routing MQTT vulnerability CVE-2022-35240
https://notcve.org/view.php?id=CVE-2022-35240
04 Aug 2022 — In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En las versiones 16.1.x anteriores a 16.1.2.2, 15.1.x anteriores a 15.1.6.1 y 14.1.x anteriores a 14.1.5 de BIG-IP, cuando el perfil M... • https://support.f5.com/csp/article/K28405643 • CWE-404: Improper Resource Shutdown or Release •