11 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 74EXPL: 0

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Cuando el reenvío de auditoría TACACS+ está configurado en el sistema BIG-IP o BIG-IQ, el secreto compartido se registra en texto plano en el audit log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K06110200 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5EPSS: 0%CPEs: 77EXPL: 0

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Los sistemas BIG-IP y BIG-IQ no cifran cierta información confidencial escrita en las variables de la Base de Datos (DB). Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K20850144 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 96EXPL: 0

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Un atacante autenticado con privilegios de invitado o superior puede provocar la finalización del proceso iControl SOAP mediante el envío de solicitudes no reveladas. Nota: No se evalúan las versiones de software que han alcanzado el fin del soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000133472 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000132719 • CWE-269: Improper Privilege Management CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 47%CPEs: 57EXPL: 0

In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. En todas las versiones, BIG-IP y BIG-IQ son vulnerables a ataques de Cross-Site Request Forgery (CSRF) a través de iControl SOAP. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://support.f5.com/csp/article/K94221585 https://github.com/rbowes-r7/refreshing-soap-exploit https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures https://support.f5.com/csp/article/K97843387 https://support.f5.com/csp/article/K05403841 • CWE-352: Cross-Site Request Forgery (CSRF) •