Vulnerabilities > F5 > BIG IP Global Traffic Manager > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-13 CVE-2018-5511 Unsafe Reflection vulnerability in multiple products
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
network
low complexity
f5 vmware CWE-470
7.2
2018-04-13 CVE-2018-5510 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers.
network
low complexity
f5 CWE-20
7.5
2018-04-13 CVE-2018-5507 Unspecified vulnerability in F5 products
On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.
network
low complexity
f5
7.5
2018-03-22 CVE-2018-5504 Unspecified vulnerability in F5 products
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.
network
high complexity
f5
8.1
2018-03-22 CVE-2018-5502 Improper Certificate Validation vulnerability in F5 products
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate.
network
low complexity
f5 CWE-295
7.5
2017-12-21 CVE-2017-6164 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.
network
high complexity
f5 CWE-20
8.1
2017-12-21 CVE-2017-6151 Unspecified vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.
network
low complexity
f5
7.5
2017-12-21 CVE-2017-6140 Improper Input Validation vulnerability in F5 products
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.
network
low complexity
f5 CWE-20
7.5
2017-12-21 CVE-2017-6138 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.
network
low complexity
f5 CWE-20
7.5
2017-12-21 CVE-2017-6135 Missing Release of Resource after Effective Lifetime vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
network
low complexity
f5 CWE-772
7.5