Vulnerabilities > F5 > BIG IP Domain Name System > 12.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-13 | CVE-2017-6158 | Unspecified vulnerability in F5 products In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses. | 6.4 |
| 2018-04-13 | CVE-2017-6156 | Unspecified vulnerability in F5 products When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. network f5 | 6.0 |
| 2018-03-22 | CVE-2018-5504 | Unspecified vulnerability in F5 products In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1. | 9.3 |
| 2017-10-27 | CVE-2017-6161 | Resource Exhaustion vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. | 2.9 |
| 2017-10-20 | CVE-2017-6165 | Information Exposure Through Log Files vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. | 5.0 |
| 2017-10-20 | CVE-2017-6145 | Insufficient Session Expiration vulnerability in F5 products iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. | 7.5 |
| 2017-06-09 | CVE-2016-7469 | Cross-site Scripting vulnerability in F5 products A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. | 3.5 |
| 2017-05-23 | CVE-2017-6131 | Use of Hard-coded Credentials vulnerability in F5 products In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. | 7.5 |
| 2017-05-10 | CVE-2016-9250 | Permissions, Privileges, and Access Controls vulnerability in F5 products In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. | 5.0 |
| 2017-05-09 | CVE-2017-6137 | Unspecified vulnerability in F5 products In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. network f5 | 4.3 |