| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-23021 |
732 |
|
|
2021-06-01 |
2021-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. |
|
2 |
CVE-2021-23020 |
330 |
|
|
2021-06-01 |
2021-06-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. |
|
3 |
CVE-2021-23002 |
|
|
|
2021-03-31 |
2021-04-05 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
|
When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
|
4 |
CVE-2020-24349 |
416 |
|
|
2020-08-13 |
2022-10-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. |
|
5 |
CVE-2020-24348 |
125 |
|
|
2020-08-13 |
2022-04-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. |
|
6 |
CVE-2020-24347 |
125 |
|
|
2020-08-13 |
2022-04-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. |
|
7 |
CVE-2020-5929 |
|
|
|
2020-09-25 |
2021-07-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability. |
|
8 |
CVE-2020-5908 |
200 |
|
+Info |
2020-07-01 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. |
|
9 |
CVE-2020-5890 |
200 |
|
+Info |
2020-04-30 |
2020-05-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. |
|
10 |
CVE-2020-5866 |
200 |
|
+Info |
2020-04-23 |
2020-04-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. |
|
11 |
CVE-2019-19151 |
269 |
|
|
2019-12-23 |
2019-12-31 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system which would not normally be allowed. |
|
12 |
CVE-2019-6670 |
312 |
|
|
2019-11-27 |
2019-12-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem. |
|
13 |
CVE-2019-6648 |
532 |
|
|
2019-09-04 |
2023-02-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. |
|
14 |
CVE-2019-6632 |
310 |
|
|
2019-07-03 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files. |
|
15 |
CVE-2019-6601 |
269 |
|
|
2019-03-13 |
2023-02-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts. |
|
16 |
CVE-2018-15333 |
434 |
|
|
2018-12-28 |
2019-10-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snapshot files on the BIG-IP configuration utility such as QKView and TCPDumps. |
|
17 |
CVE-2018-15316 |
|
|
Bypass |
2018-10-19 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. |
|
18 |
CVE-2018-5540 |
732 |
|
|
2018-07-19 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up. |
|
19 |
CVE-2018-5537 |
20 |
|
|
2018-07-25 |
2018-09-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. |
|
20 |
CVE-2018-5518 |
|
|
|
2018-05-02 |
2019-10-03 |
2.3 |
None |
Local Network |
Medium |
??? |
None |
None |
Partial |
|
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required. |
|
21 |
CVE-2017-6161 |
400 |
|
Bypass |
2017-10-27 |
2017-11-16 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
|
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. |
|
22 |
CVE-2017-6152 |
269 |
|
|
2018-03-08 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. |
|
23 |
CVE-2016-7474 |
200 |
|
+Info |
2017-03-27 |
2019-06-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information. |
|
24 |
CVE-2016-6249 |
200 |
|
+Info |
2017-02-20 |
2017-07-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. |
|
25 |
CVE-2014-4027 |
200 |
|
+Info |
2014-06-23 |
2020-08-21 |
2.3 |
None |
Local Network |
Medium |
??? |
Partial |
None |
None |
|
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. |
|
26 |
CVE-2007-6704 |
79 |
|
XSS |
2008-03-05 |
2018-10-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3. |
|
27 |
CVE-2006-3550 |
|
|
XSS |
2006-07-13 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends." |
