Vulnerabilities > F5 > BIG IP Local Traffic Manager > 12.1.0

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-6159 Unspecified vulnerability in F5 products
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server.
network
f5
4.3
4.3
2017-10-27 CVE-2017-6157 Unspecified vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.
network
f5
6.8
6.8
2017-10-27 CVE-2017-0303 Incomplete Cleanup vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation.
network
low complexity
f5 CWE-459
5.0
5.0
2017-10-20 CVE-2017-6165 Information Exposure Through Log Files vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.
network
low complexity
f5 CWE-532
5.0
5.0
2017-10-20 CVE-2017-6145 Insufficient Session Expiration vulnerability in F5 products
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens.
network
low complexity
f5 CWE-613
7.5
7.5
2017-10-20 CVE-2017-6141 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM).
network
f5 CWE-20
4.3
4.3
2017-06-09 CVE-2016-7469 Cross-site Scripting vulnerability in F5 products
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML.
network
f5 CWE-79
3.5
3.5
2017-05-23 CVE-2017-6131 Use of Hard-coded Credentials vulnerability in F5 products
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system.
network
low complexity
f5 CWE-798
7.5
7.5
2017-05-10 CVE-2016-9250 Permissions, Privileges, and Access Controls vulnerability in F5 products
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
network
low complexity
f5 CWE-264
5.0
5.0
2017-05-09 CVE-2017-6137 Unspecified vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.
network
f5
4.3
4.3