Page 50 of 281 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. En F5 BIG-IP, 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o en la versión 11.2.1, un handshake TLS mal formado hace que TMM se cierre inesperadamente, lo que conduce a una interrupción del servicio. Este problema solo se expone en el plano de datos cuando la configuración Proxy SSL está habilitada. • http://www.securitytracker.com/id/1041017 https://support.f5.com/csp/article/K46940010 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data. Existe una vulnerabilidad de archivos locales en la utilidad de configuración de F5 BIG-IP en las versiones 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5 o 11.2.1 que solo incluye datos proporcionados por F5 y no incluye ningún dato de configuración tráfico en proxy u otros datos de cliente potencialmente sensibles. • http://www.securitytracker.com/id/1041018 https://support.f5.com/csp/article/K00363258 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 26EXPL: 0

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. • http://www.securitytracker.com/id/1040797 https://support.f5.com/csp/article/K03165684 •

CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0

On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. En F5 BIG-IP 13.0.0-13.1.0.5, el uso de respuestas de autenticación RADIUS de un servidor RADIUS con direcciones IPv6 podría hacer que TMM se cerrase inesperadamente, lo que conduce a un evento de conmutación por error. • http://www.securityfocus.com/bid/104099 http://www.securitytracker.com/id/1040802 https://support.f5.com/csp/article/K62750376 • CWE-20: Improper Input Validation •

CVSS: 4.7EPSS: 0%CPEs: 44EXPL: 0

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. En F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2 o 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 o 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0 o F5 iWorkflow 2.0.2-2.3.0, los usuarios autenticados que tengan acceso TMOS Shell (tmsh) pueden acceder a objetos en el sistema de archivos a los que normalmente no tendrían acceso por las restricciones de tmsh. Esto permite que atacantes autenticados con bajos privilegios exfiltren objetos en el sistema de archivos, algo que no deberían poder hacer. • http://www.securitytracker.com/id/1040799 http://www.securitytracker.com/id/1040800 https://support.f5.com/csp/article/K37442533 • CWE-732: Incorrect Permission Assignment for Critical Resource •