Vulnerabilities > F5 > BIG IP Local Traffic Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-19 CVE-2018-5532 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.
network
low complexity
f5
5.3
2018-06-01 CVE-2018-5525 Information Exposure vulnerability in F5 products
A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data.
network
low complexity
f5 CWE-200
4.3
2018-06-01 CVE-2018-5524 Unspecified vulnerability in F5 products
Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue.
network
low complexity
f5
5.3
2018-06-01 CVE-2018-5522 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.
network
high complexity
f5 CWE-20
5.9
2018-06-01 CVE-2018-5521 Cross-site Scripting vulnerability in F5 products
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.
network
low complexity
f5 CWE-79
6.1
2018-06-01 CVE-2017-6153 Resource Exhaustion vulnerability in F5 products
Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack.
network
low complexity
f5 CWE-400
5.3
2018-05-02 CVE-2018-5520 Incorrect Authorization vulnerability in F5 products
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.
network
high complexity
f5 CWE-863
4.4
2018-05-02 CVE-2018-5519 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths.
network
low complexity
f5
4.9
2018-05-02 CVE-2018-5518 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host.
high complexity
f5
5.4
2018-05-02 CVE-2018-5516 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions.
local
high complexity
f5 CWE-732
4.7