Vulnerabilities > F5 > BIG IP Advanced Firewall Manager

DATE CVE VULNERABILITY TITLE RISK
2020-03-27 CVE-2020-5860 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).
network
high complexity
f5 CWE-319
8.1
2020-03-27 CVE-2020-5859 Unspecified vulnerability in F5 products
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.
network
low complexity
f5
7.5
2020-03-27 CVE-2020-5858 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.
local
low complexity
f5
7.8
2020-03-27 CVE-2020-5857 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.
network
low complexity
f5
7.5
2020-02-21 CVE-2013-3587 Information Exposure vulnerability in F5 products
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
network
high complexity
f5 CWE-200
5.9
2020-02-06 CVE-2020-5856 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.
network
low complexity
f5
7.5
2020-02-06 CVE-2020-5854 Unspecified vulnerability in F5 products
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.
network
high complexity
f5
5.9
2020-01-14 CVE-2020-5852 Unspecified vulnerability in F5 products
Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM).
network
low complexity
f5
7.5
2020-01-14 CVE-2020-5851 Unspecified vulnerability in F5 products
On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components.
low complexity
f5
4.6
2020-01-08 CVE-2014-5209 Information Exposure vulnerability in multiple products
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
network
low complexity
ntp f5 CWE-200
5.3