On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_link_controller
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_link_controller
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_analytics
On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_fraud_protection_service f5:big-ip_access_policy_manager f5:big-ip_policy_enforcement_manager f5:big-ip_analytics f5:big-ip_global_traffic_manager
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_guided_configuration f5:big-ip_advanced_firewall_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_fraud_protection_service f5:big-ip_access_policy_manager f5:big-ip_policy_enforcement_manager f5:big-ip_analytics f5:big-ip_global_traffic_manager
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_access_policy_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_application_acceleration_manager f5:big-ip_analytics f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_application_security_manager f5:big-ip_domain_name_system f5:big-ip_access_policy_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_application_acceleration_manager f5:big-ip_analytics f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-iq_centralized_management f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_application_security_manager f5:big-ip_application_acceleration_manager f5:big-ip_domain_name_system f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_application_security_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_link_controller f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_analytics f5:big-ip_access_policy_manager
On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_advanced_firewall_manager
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-iq_centralized_management f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_advanced_firewall_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_advanced_firewall_manager
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_advanced_firewall_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_application_security_manager f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_access_policy_manager f5:big-ip_advanced_firewall_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_global_traffic_manager f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-ip_analytics f5:big-ip_link_controller f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_domain_name_system f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-ip_link_controller f5:big-ip_analytics f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_analytics f5:big-ip_application_acceleration_manager f5:big-ip_domain_name_system f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_application_security_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_advanced_firewall_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_local_traffic_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_domain_name_system f5:big-ip_link_controller f5:big-ip_fraud_protection_service f5:big-ip_application_security_manager
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
f5:big-ip_domain_name_system f5:big-ip_global_traffic_manager f5:big-ip_access_policy_manager f5:big-ip_local_traffic_manager f5:big-ip_link_controller f5:big-ip_application_security_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_application_acceleration_manager
On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_access_policy_manager f5:big-ip_application_security_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_advanced_firewall_manager f5:big-ip_fraud_protection_service f5:big-ip_analytics f5:big-ip_policy_enforcement_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_ssl_orchestrator f5:big-ip_ddos_hybrid_defender f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_advanced_web_application_firewall f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_ssl_orchestrator f5:big-ip_ddos_hybrid_defender f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_advanced_web_application_firewall f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_ssl_orchestrator f5:big-ip_ddos_hybrid_defender f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_advanced_web_application_firewall f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_ssl_orchestrator f5:big-ip_ddos_hybrid_defender f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_advanced_web_application_firewall f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_ssl_orchestrator f5:big-ip_ddos_hybrid_defender f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-iq_centralized_management f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_advanced_web_application_firewall f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_access_policy_manager f5:big-ip_local_traffic_manager f5:big-ip_domain_name_system f5:big-ip_fraud_protection_service f5:big-ip_global_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_link_controller
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
f5:big-ip_analytics f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_access_policy_manager f5:big-ip_global_traffic_manager f5:big-ip_local_traffic_manager f5:big-ip_application_acceleration_manager f5:big-ip_application_security_manager f5:big-ip_link_controller f5:big-ip_domain_name_system
On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_analytics f5:big-ip_link_controller f5:big-ip_access_policy_manager f5:big-ip_application_acceleration_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_edge_gateway f5:big-ip_application_security_manager f5:big-ip_advanced_web_application_firewall f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_domain_name_system f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_ssl_orchestrator f5:big-ip_local_traffic_manager f5:big-ip_webaccelerator
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-iq_centralized_management f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_advanced_firewall_manager f5:big-ip_analytics f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_advanced_web_application_firewall f5:big-ip_application_security_manager f5:big-ip_ddos_hybrid_defender f5:big-ip_application_acceleration_manager f5:big-ip_local_traffic_manager f5:big-ip_global_traffic_manager f5:big-ip_policy_enforcement_manager f5:big-ip_fraud_protection_service f5:big-ip_domain_name_system f5:big-ip_link_controller
On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_application_acceleration_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_analytics f5:big-ip_advanced_web_application_firewall f5:big-ip_ddos_hybrid_defender f5:big-ip_link_controller f5:big-ip_application_security_manager f5:big-ip_local_traffic_manager
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
f5:big-ip_access_policy_manager f5:ssl_orchestrator f5:big-ip_global_traffic_manager f5:big-ip_domain_name_system f5:big-ip_application_acceleration_manager f5:big-ip_fraud_protection_service f5:big-ip_advanced_firewall_manager f5:big-ip_policy_enforcement_manager f5:big-ip_analytics f5:big-ip_advanced_web_application_firewall f5:big-ip_ddos_hybrid_defender f5:big-ip_link_controller f5:big-ip_application_security_manager f5:big-ip_local_traffic_manager