Page 8 of 224 results (0.004 seconds)

CVSS: 10.0EPSS: 97%CPEs: 73EXPL: 13

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6 y versiones 12.1.x anteriores a 12.1.5.3 y BIG-IQ versiones 7.1 .0.x anteriores a 7.1.0.3 y versiones 7.0.0.x anteriores a 7.0.0.2, la interfaz REST de iControl presenta una vulnerabilidad de ejecución de comandos remota no autenticada. Nota: No son evaluadas las versiones de software que han alcanzado End of Software Development (EoSD). F5 BIG-IP version 16.0.x suffers from an iControl REST remote code execution vulnerability. • https://www.exploit-db.com/exploits/49738 https://github.com/Al1ex/CVE-2021-22986 https://github.com/dorkerdevil/CVE-2021-22986-Poc https://github.com/Tas9er/CVE-2021-22986 https://github.com/microvorld/CVE-2021-22986 https://github.com/amitlttwo/CVE-2021-22986 https://github.com/huydung26/CVE-2021-22986 https://github.com/DDestinys/CVE-2021-22986 https://github.com/dotslashed/CVE-2021-22986 https://github.com/kiri-48/CVE-2021-22986 https://github.com/Osyanina/ • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.0EPSS: 0%CPEs: 84EXPL: 0

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, TMUI, también se conoce como la utilidad Configuration, presenta una vulnerabilidad de ejecución de comandos remota autenticada en páginas no divulgadas. Nota: No son evaluadas las versiones de software que han alcanzado End of Software Development (EoSD). • https://support.f5.com/csp/article/K70031188 •

CVSS: 9.8EPSS: 37%CPEs: 84EXPL: 0

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6, versiones 12.1.x anteriores a 12.1.5.3 y versiones 11.6.x anteriores a 11.6.5.3, una respuesta HTTP maliciosa para un servidor virtual de Advanced WAF o ASM BIG-IP con la página de inicio de sesión configurada en su política puede desencadenar un desbordamiento del búfer, resultando en un ataque de DoS. En determinadas situaciones, puede permitir una ejecución de código remota (RCE), conllevando a un compromiso completo del sistema. • https://support.f5.com/csp/article/K52510511 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 85%CPEs: 70EXPL: 0

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1.1, versiones 15.1.x anteriores a 15.1.2.1, versiones 14.1.x anteriores a 14.1.4, versiones 13.1.x anteriores a 13.1.3.6 y versiones 12.1.x anteriores a 12.1.5.3, unas peticiones no reveladas a un servidor virtual pueden ser manejadas incorrectamente por la normalización del URI de Traffic Management Microkernel (TMM), lo que puede desencadenar un desbordamiento del búfer, resultando en un ataque de DoS. En determinadas situaciones, teóricamente puede permitir la omisión del control de acceso basado en URL o una ejecución de código remota (RCE). • https://support.f5.com/csp/article/K56715231 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.3EPSS: 0%CPEs: 84EXPL: 0

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. En BIG-IP versiones 16.0.x anteriores a 16.0.1, versiones 15.1.x anteriores a 15.1.1, versiones 14.1.x anteriores a 14.1.3.1, versiones 13.1.x anteriores a 13.1.3.5 y todas las versiones 12.1.xy 11.6.x, endpoints no divulgados en iControl REST permiten un ataque de tipo XSS reflejado, lo que podría conllevar a un compromiso completo de BIG-IP si el usuario víctima se otorgaba el rol de administrador. Nota: No son evaluadas las versiones de software que han alcanzado End of Software Development (EoSD) • https://support.f5.com/csp/article/K87502622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •