Vulnerabilities > F5 > BIG IP Link Controller > 13.1.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-27 CVE-2018-5527 Missing Release of Resource after Effective Lifetime vulnerability in F5 products
On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory.
network
low complexity
f5 CWE-772
7.5
7.5
2018-06-01 CVE-2018-5513 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service.
network
low complexity
f5 CWE-20
7.5
7.5
2018-05-02 CVE-2018-5517 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service.
network
low complexity
f5 CWE-20
7.5
7.5
2018-05-02 CVE-2018-5515 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.
network
high complexity
f5 CWE-20
4.4
4.4
2018-05-02 CVE-2018-5514 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service.
network
low complexity
f5 CWE-20
7.5
7.5
2018-05-02 CVE-2018-5512 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart.
network
low complexity
f5
7.5
7.5
2018-03-22 CVE-2018-5509 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service.
network
low complexity
f5 CWE-20
7.5
7.5
2018-03-22 CVE-2018-5504 Unspecified vulnerability in F5 products
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.
network
high complexity
f5
8.1
8.1
2018-03-22 CVE-2018-5502 Improper Certificate Validation vulnerability in F5 products
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate.
network
low complexity
f5 CWE-295
7.5
7.5