Vulnerabilities > F5 > BIG IP Global Traffic Manager > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-12 CVE-2018-15328 Information Exposure vulnerability in F5 products
On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.
network
low complexity
f5 CWE-200
7.5
2018-10-31 CVE-2018-15327 Missing Authorization vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
network
low complexity
f5 CWE-862
7.2
2018-10-31 CVE-2018-15320 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system.
network
low complexity
f5
7.5
2018-10-31 CVE-2018-15319 Improper Input Validation vulnerability in F5 products
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.
network
low complexity
f5 CWE-20
7.5
2018-10-31 CVE-2018-15318 Improper Input Validation vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete.
network
low complexity
f5 CWE-20
7.5
2018-10-31 CVE-2018-15317 Unspecified vulnerability in F5 products
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors.
network
low complexity
f5
7.5
2018-09-06 CVE-2018-5391 Improper Input Validation vulnerability in multiple products
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly.
7.5
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
7.5
2018-07-25 CVE-2018-5542 Improper Input Validation vulnerability in F5 products
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.
network
high complexity
f5 CWE-20
8.1
2018-07-25 CVE-2018-5531 Improper Input Validation vulnerability in F5 products
Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems.
low complexity
f5 CWE-20
7.4