Vulnerabilities > F5 > BIG IP Policy Enforcement Manager

DATE CVE VULNERABILITY TITLE RISK
2018-05-02 CVE-2018-5518 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host.
high complexity
f5
5.4
2018-05-02 CVE-2018-5517 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service.
network
low complexity
f5 CWE-20
7.5
2018-05-02 CVE-2018-5516 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions.
local
high complexity
f5 CWE-732
4.7
2018-05-02 CVE-2018-5515 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.
network
high complexity
f5 CWE-20
4.4
2018-05-02 CVE-2018-5514 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service.
network
low complexity
f5 CWE-20
7.5
2018-05-02 CVE-2018-5512 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart.
network
low complexity
f5
7.5
2018-04-13 CVE-2018-5511 Unsafe Reflection vulnerability in multiple products
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
network
low complexity
f5 vmware CWE-470
7.2
2018-04-13 CVE-2018-5510 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers.
network
low complexity
f5 CWE-20
7.5
2018-04-13 CVE-2018-5508 Unspecified vulnerability in F5 Big-Ip Policy Enforcement Manager
On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option.
network
high complexity
f5
5.9
2018-04-13 CVE-2018-5507 Unspecified vulnerability in F5 products
On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.
network
low complexity
f5
7.5