CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41164 – BIG-IP MPTCP vulnerability
https://notcve.org/view.php?id=CVE-2024-41164
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000138477 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28132 – BIG-IP NEXT CNF vulnerability
https://notcve.org/view.php?id=CVE-2024-28132
Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de exposición de información confidencial en el contenedor GSLB, que puede permitir que un atacante autenticado con acceso local vea información confidencial. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138913 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25560 – TMM Vulnerability
https://notcve.org/view.php?id=CVE-2024-25560
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando se otorga licencia y aprovisionamiento de BIG-IP AFM, el tráfico DNS no divulgado puede provocar la finalización del Microkernel de gestión de tráfico (TMM). Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000139037 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23306 – BIG-IP Next CNF & SPK vulnerability
https://notcve.org/view.php?id=CVE-2024-23306
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Existe una vulnerabilidad en los sistemas BIG-IP Next CNF y SPK que puede permitir el acceso a archivos confidenciales no divulgados. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan • https://my.f5.com/manage/s/article/K000137886 • CWE-522: Insufficiently Protected Credentials •