Total
453 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5925 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-08-31 | 4.3 MEDIUM | 7.5 HIGH |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances. | |||||
| CVE-2020-5915 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust. | |||||
| CVE-2019-6644 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 6.8 MEDIUM | 9.4 CRITICAL |
| Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible. | |||||
| CVE-2019-6606 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory. | |||||
| CVE-2019-6605 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service. | |||||
| CVE-2019-6688 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP or BIG-IQ system, however the user can not access to the UCS files. | |||||
| CVE-2019-6603 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | |||||
| CVE-2019-6678 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 4.3 MEDIUM | 5.3 MEDIUM |
| On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled. | |||||
| CVE-2019-6666 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value. | |||||
| CVE-2019-6598 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack. | |||||
| CVE-2019-6646 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges. | |||||
| CVE-2019-6669 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances. | |||||
| CVE-2019-6684 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop broadcast packets when they are rebroadcast to the vCMP guest secondary blades. An attacker can leverage the fragmented broadcast IP packets to perform any type of fragmentation-based attack. | |||||
| CVE-2019-6649 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2020-08-24 | 5.8 MEDIUM | 9.1 CRITICAL |
| F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. | |||||
| CVE-2019-6672 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. | |||||
| CVE-2019-6620 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user. | |||||
| CVE-2019-6676 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger. | |||||
| CVE-2019-6618 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and is contrary to our definition for the Resource Administrator (RA) role restrictions. | |||||
| CVE-2019-6659 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages. | |||||
| CVE-2019-6602 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request. | |||||