When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_policy_enforcement_manager f5:big-ip_websafe f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_advanced_web_application_firewall f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_webaccelerator f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_application_visibility_and_reporting f5:big-ip_local_traffic_manager f5:big-ip_edge_gateway f5:big-ip_analytics f5:big-ip_global_traffic_manager f5:big-ip_carrier-grade_nat f5:big-ip_domain_name_system f5:big-ip_ssl_orchestrator f5:big-ip_application_security_manager
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_policy_enforcement_manager f5:big-ip_websafe f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_advanced_web_application_firewall f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_webaccelerator f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_application_visibility_and_reporting f5:big-ip_local_traffic_manager f5:big-ip_edge_gateway f5:big-ip_analytics f5:big-ip_global_traffic_manager f5:big-ip_carrier-grade_nat f5:big-ip_domain_name_system f5:big-ip_ssl_orchestrator f5:big-ip_application_security_manager
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_policy_enforcement_manager f5:big-ip_websafe f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_advanced_web_application_firewall f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_webaccelerator f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_application_visibility_and_reporting f5:big-ip_local_traffic_manager f5:big-ip_edge_gateway f5:big-ip_analytics f5:big-ip_global_traffic_manager f5:big-ip_carrier-grade_nat f5:big-ip_domain_name_system f5:big-ip_ssl_orchestrator f5:big-ip_application_security_manager
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_policy_enforcement_manager f5:big-ip_websafe f5:big-ip_access_policy_manager f5:big-ip_next_service_proxy_for_kubernetes f5:big-ip_ddos_hybrid_defender f5:big-ip_advanced_web_application_firewall f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_webaccelerator f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_application_visibility_and_reporting f5:big-ip_local_traffic_manager f5:big-ip_edge_gateway f5:big-ip_analytics f5:big-ip_global_traffic_manager f5:big-ip_carrier-grade_nat f5:big-ip_domain_name_system f5:big-ip_ssl_orchestrator f5:big-ip_application_security_manager
In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_local_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_application_acceleration_manager f5:big-ip_ssl_orchestrator f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager
In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_local_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_application_acceleration_manager f5:big-ip_ssl_orchestrator f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_local_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_application_acceleration_manager f5:big-ip_ssl_orchestrator f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_local_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_application_acceleration_manager f5:big-ip_ssl_orchestrator f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_fraud_protection_service f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_ssl_orchestrator f5:big-ip_analytics f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_policy_enforcement_manager
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_fraud_protection_service f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_ssl_orchestrator f5:big-ip_analytics f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_policy_enforcement_manager
On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_link_controller f5:big-ip_access_policy_manager f5:big-ip_ssl_orchestrator f5:big-ip_service_proxy f5:big-ip_application_security_manager f5:big-ip_policy_enforcement_manager f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_link_controller f5:big-ip_policy_enforcement_manager f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_application_acceleration_manager f5:big-ip_analytics
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_domain_name_system f5:big-ip_advanced_firewall_manager f5:big-iq_centralized_management f5:big-ip_policy_enforcement_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_application_acceleration_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
f5:big-ip_local_traffic_manager f5:big-ip_ssl_orchestrator f5:big-ip_domain_name_system f5:big-ip_edge_gateway f5:big-ip_access_policy_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_visibility_and_reporting f5:big-ip_advanced_web_application_firewall f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_application_acceleration_manager f5:big-ip_websafe f5:big-ip_policy_enforcement_manager f5:big-ip_webaccelerator f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_carrier-grade_nat f5:big-ip_global_traffic_manager
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_application_acceleration_manager f5:big-ip_global_traffic_manager
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.
f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_policy_enforcement_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_application_acceleration_manager f5:big-ip_global_traffic_manager
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.
f5:big-ip_policy_enforcement_manager f5:big-ip_advanced_firewall_manager
In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.
f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_global_traffic_manager f5:big-iq_centralized_management f5:big-ip_local_traffic_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager
In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.
f5:big-ip_domain_name_system f5:big-ip_application_acceleration_manager f5:big-ip_global_traffic_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_local_traffic_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_policy_enforcement_manager
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.
f5:big-ip_domain_name_system f5:big-ip_application_acceleration_manager f5:big-ip_global_traffic_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_analytics
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.
f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_analytics f5:big-ip_local_traffic_manager f5:big-ip_domain_name_system f5:big-ip_fraud_protection_service f5:big-ip_link_controller f5:big-ip_application_security_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-iq_centralized_management f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_analytics
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_analytics
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_analytics
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_analytics
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_analytics
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_analytics
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_global_traffic_manager f5:big-ip_application_security_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-iq_centralized_management f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_global_traffic_manager f5:big-ip_application_security_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_local_traffic_manager f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_local_traffic_manager f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_global_traffic_manager f5:big-ip_application_security_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_link_controller f5:big-ip_local_traffic_manager f5:big-ip_fraud_protection_service f5:big-iq_centralized_management f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_link_controller
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_link_controller
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_analytics
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_advanced_firewall_manager f5:big-ip_carrier-grade_nat
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_fraud_protection_service f5:big-ip_access_policy_manager f5:big-ip_policy_enforcement_manager f5:big-ip_analytics f5:big-ip_global_traffic_manager
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_guided_configuration f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_fraud_protection_service f5:big-ip_access_policy_manager f5:big-ip_policy_enforcement_manager f5:big-ip_analytics f5:big-ip_global_traffic_manager
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_access_policy_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_application_acceleration_manager f5:big-ip_analytics f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_access_policy_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_application_acceleration_manager f5:big-ip_analytics f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-iq_centralized_management f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_application_acceleration_manager f5:big-ip_domain_name_system f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_application_security_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_analytics f5:big-ip_access_policy_manager