CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2018-15317
https://notcve.org/view.php?id=CVE-2018-15317
31 Oct 2018 — In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted. En BIG-IP versión 14.0.0 hasta 4.0.0.2, versión 13.0.0 hasta 13.1.1.5, versión 12.1.0 hasta 12.1.4.1 y versión 11.2.1 hasta 1... • https://support.f5.com/csp/article/K43625118 •
CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2018-15321
https://notcve.org/view.php?id=CVE-2018-15321
31 Oct 2018 — When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place... • https://support.f5.com/csp/article/K01067037 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2018-15319
https://notcve.org/view.php?id=CVE-2018-15319
31 Oct 2018 — On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1 o 12.1.0-12.1.3.6, las peticiones maliciosas realizadas a los servidores virtuales con un perfil HTTP pueden provocar que TMM se reinicie. El problema está expuesto a las opciones de confi... • http://www.securityfocus.com/bid/107052 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0CVE-2018-15322
https://notcve.org/view.php?id=CVE-2018-15322
31 Oct 2018 — On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This actio... • https://support.f5.com/csp/article/K28003839 •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2017-6155
https://notcve.org/view.php?id=CVE-2017-6155
13 Apr 2018 — On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure. En F5 BIG-IP, en su versión 13.0.0, de la versión 12.0.0 a la 12.1.3.1, de la versión 11.6.0 a la 11.6.2, la versión 11.4.1a la 11.5.5 o en la versión 11.2.1, las peticiones SPDY o HTTP/2 mal formadas podrían resultar en una in... • https://support.f5.com/csp/article/K10930474 •
CVSS: 5.9EPSS: 1%CPEs: 56EXPL: 0CVE-2017-6163
https://notcve.org/view.php?id=CVE-2017-6163
27 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. Remote client initiating stream beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exp... • http://www.securityfocus.com/bid/101606 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 136EXPL: 0CVE-2016-7469
https://notcve.org/view.php?id=CVE-2016-7469
09 Jun 2017 — A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. Una vulnerab... • http://www.securityfocus.com/bid/95320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 134EXPL: 0CVE-2016-9250
https://notcve.org/view.php?id=CVE-2016-9250
10 May 2017 — In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. En F5 BIG-IP 11.2.1, 11.4.0 a 11.6.1 y 12.0.0 a 12.1.2, un usuario no autenticado con acceso al panel de control puede ser capaz de borrar archivos arbitrarios a través de un mecanismo no revelado. • https://support.f5.com/csp/article/K55792317 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 156EXPL: 0CVE-2016-9252
https://notcve.org/view.php?id=CVE-2016-9252
27 Mar 2017 — The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. El Traffic Management Microkernel (TMM) en F5 BIG-IP en versiones anteriores a 11.5.4 HF3, 11.6.x en versiones anteriores a 11.6.1 HF2 y 12.x en versiones anteriores a 12.1.2 no maneja adecuadamente las opciones MTU de ruta mínima para I... • http://www.securitytracker.com/id/1038132 • CWE-19: Data Processing Errors •
CVSS: 5.5EPSS: 0%CPEs: 123EXPL: 0CVE-2016-7474
https://notcve.org/view.php?id=CVE-2016-7474
27 Mar 2017 — In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. En algunos casos la caché binaria MCPD en dispositivos F5 BIG-IP pueden permitir a un usuario con acceso Advanced Shell, o privilegios generar un qkview, para obtener temporalmente información normalmente irrecuperable. • http://www.securityfocus.com/bid/97198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •