Vulnerabilities > F5 > BIG IP Global Traffic Manager

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-23042 Resource Exhaustion vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization.
network
low complexity
f5 CWE-400
7.5
2021-09-14 CVE-2021-23043 Path Traversal vulnerability in F5 products
On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files.
network
low complexity
f5 CWE-22
6.5
2021-09-14 CVE-2021-23041 Cross-site Scripting vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user.
network
low complexity
f5 CWE-79
6.1
2021-09-14 CVE-2021-23048 Unspecified vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2021-09-14 CVE-2021-23049 Resource Exhaustion vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summarize command is used on a virtual server, undisclosed requests can cause an increase in Traffic Management Microkernel (TMM) memory utilization resulting in an out-of-memory condition and a denial-of-service (DoS).
network
low complexity
f5 CWE-400
7.5
2021-09-14 CVE-2021-23051 Unspecified vulnerability in F5 products
On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5
7.5
2021-05-10 CVE-2021-23009 Infinite Loop vulnerability in F5 products
On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic.
network
low complexity
f5 CWE-835
7.5
2021-05-10 CVE-2021-23012 OS Command Injection vulnerability in F5 products
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP.
local
low complexity
f5 CWE-78
8.2
2021-05-10 CVE-2021-23015 Incorrect Authorization vulnerability in F5 products
On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints.
network
low complexity
f5 CWE-863
7.2
2021-05-10 CVE-2021-23011 Resource Exhaustion vulnerability in F5 products
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event.
network
low complexity
f5 CWE-400
7.5