Vulnerabilities > F5 > BIG IP Domain Name System

DATE CVE VULNERABILITY TITLE RISK
2019-05-03 CVE-2019-6616 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.
network
low complexity
f5
7.2
2019-05-03 CVE-2019-6615 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.
network
low complexity
f5
4.9
2019-05-03 CVE-2019-6614 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective.
network
low complexity
f5
6.5
2019-05-03 CVE-2019-6613 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels.
network
low complexity
f5 CWE-319
5.3
2019-05-03 CVE-2019-6612 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart.
network
low complexity
f5
7.5
2019-05-03 CVE-2019-6611 Unspecified vulnerability in F5 products
When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic.
network
low complexity
f5
7.5
2019-04-15 CVE-2019-6609 Insufficiently Protected Credentials vulnerability in F5 products
Platform dependent weakness.
network
low complexity
f5 CWE-522
critical
9.8
2019-03-28 CVE-2019-6602 Information Exposure Through Discrepancy vulnerability in F5 products
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.
network
low complexity
f5 CWE-203
7.5
2019-03-13 CVE-2019-6600 Cross-site Scripting vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the "guest" role, unsanitized values can be reflected to the client via the login page.
network
low complexity
f5 CWE-79
6.1
2019-03-13 CVE-2019-6598 Unspecified vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services.
network
low complexity
f5
4.3