CVSS: 4.9EPSS: 0%CPEs: 176EXPL: 0CVE-2014-6031
https://notcve.org/view.php?id=CVE-2014-6031
Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors. Desbordamiento de buffer en el demonio mcpq en sistemas F5 BIG-IP, versiones 10.x anteriores a la 10.2.4 HF12, 11.x anteriores a la 11.2.1 HF15, 11.3.x, 11.4.x anteriores a la 11.4.1 HF9, 11.5.x anteriores a la 11.5.2 HF1 y 11.6.0 anteriores a la HF4 y Enterprise Manager, versiones de la 2.1.0 a la 2.3.0 y 3.x anteriores a la 3.1.1 HF5, que permitiría a administradores autenticados causar una denegación de servicio a través de vectores no especificados. • https://support.f5.com/csp/article/K16196 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 45EXPL: 0CVE-2017-6131
https://notcve.org/view.php?id=CVE-2017-6131
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. En algunas circunstancias, una instancia de nube de Azure de F5 BIG-IP versiones 12.0.0 hasta 12.1.2 y versión 13.0.0, puede contener una contraseña administrativa por defecto que podría usarse para iniciar sesión de manera remota en el sistema BIG-IP. • http://www.securitytracker.com/id/1038569 https://support.f5.com/csp/article/K61757346 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2016-7476
https://notcve.org/view.php?id=CVE-2016-7476
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet. El Traffic Management Microkernel (TMM) en F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM y WebSafe versión 11.6.0 y anteriores a 11.6.0 HF6, versión 11.5.0 y anteriores a 11.5.3 HF2 , y versión 11.3.0 y anteriores a 11.4.1 HF10, puede sufrir una fuga de memoria al manejar ciertos tipos de tráfico TCP. Los atacantes remotos pueden causar una denegación de servicio (DoS) a través de un paquete TCP manipulado. • http://www.securityfocus.com/bid/94353 http://www.securitytracker.com/id/1037274 https://support.f5.com/csp/#/article/K87416818 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 134EXPL: 0CVE-2016-9250
https://notcve.org/view.php?id=CVE-2016-9250
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. En F5 BIG-IP 11.2.1, 11.4.0 a 11.6.1 y 12.0.0 a 12.1.2, un usuario no autenticado con acceso al panel de control puede ser capaz de borrar archivos arbitrarios a través de un mecanismo no revelado. • https://support.f5.com/csp/article/K55792317 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2016-9251
https://notcve.org/view.php?id=CVE-2016-9251
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. En F5 BIG-IP desde la versión 12.0.0 hasta la 12.1.2, un atacante autenticado puede causar una escalada de privilegios a través de una conexión iControl REST manipulada. • http://www.securitytracker.com/id/1038414 https://support.f5.com/csp/article/K41107914 • CWE-264: Permissions, Privileges, and Access Controls •