CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2023-43611 – BIG-IP Edge Client for macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-43611
10 Oct 2023 — The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated El instalador del cliente BIG-IP Edge en macOS no sigue las mejores prácticas para elevar los privilegios durante el proceso de instalación. Esta vulnerabilidad se debe a una solución incompleta para CVE-2023-38418. Nota:... • https://my.f5.com/manage/s/article/K000136185 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5450 – BIG-IP Edge Client for macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-5450
10 Oct 2023 — An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una verificación insuficiente de la vulnerabilidad de los datos en BIG-IP Edge Client Installer en macOS que puede permitir que un atacante aumente sus privilegios durante el proceso de instalación. Nota: Las versiones de softwa... • https://my.f5.com/manage/s/article/K000135040 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-24461 – BIG-IP Edge Client for Windows and macOS vulnerability
https://notcve.org/view.php?id=CVE-2023-24461
03 May 2023 — An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not eva... • https://my.f5.com/manage/s/article/K000132539 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2023-22372 – BIG-IP Edge Client for Windows and Mac OS vulnerability
https://notcve.org/view.php?id=CVE-2023-22372
03 May 2023 — In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132522 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22358 – BIG-IP Edge Client for Windows vulnerability
https://notcve.org/view.php?id=CVE-2023-22358
01 Feb 2023 — In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K76964818 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-22283 – BIG-IP Edge Client for Windows vulnerability
https://notcve.org/view.php?id=CVE-2023-22283
01 Feb 2023 — On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K07143733 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-23008
https://notcve.org/view.php?id=CVE-2021-23008
10 May 2021 — On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En la versión 15.1.x a... • https://support.f5.com/csp/article/K51213246 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 55EXPL: 0CVE-2020-5907
https://notcve.org/view.php?id=CVE-2020-5907
01 Jul 2020 — In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality. En BIG-IP versiones 15.0.0 hasta 15.1.0.3, 14.1.0 hasta 14.1.2.3, 13.1.0 hasta 13.1.3.3, 12.1.0 hasta 12.1.5.1 y 11.6.1 hasta 11.6.5.1, un usuario autorizado proporcionado con acceso solo a TMOS Shell (tmsh) puede ser capaz de conducir lecturas y ... • https://support.f5.com/csp/article/K00091341 •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0CVE-2020-5858
https://notcve.org/view.php?id=CVE-2020-5858
27 Mar 2020 — On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command. En BIG-IP versiones 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5 y 11.5.2-11.6.5.1 y BIG-IQ versiones 7.0. 0, 6.0.0-6.1.0 y 5.2.0-5.4.0, los usuarios con roles ... • https://support.f5.com/csp/article/K36814487 •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2020-5860
https://notcve.org/view.php?id=CVE-2020-5860
27 Mar 2020 — On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS). En BIG-IP versiones 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1 y 11.5.2-11.6.5.1 y BIG-IQ versiones 7.0. 0, 6.... • https://support.f5.com/csp/article/K67472032 • CWE-287: Improper Authentication CWE-319: Cleartext Transmission of Sensitive Information •