Vulnerabilities > F5 > BIG IP Webaccelerator > 11.6.2

DATE CVE VULNERABILITY TITLE RISK
2019-05-03 CVE-2019-6617 Improper Privilege Management vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files (such as /etc/passwd) using SFTP to modify user permissions, without Advanced Shell access.
network
low complexity
f5 CWE-269
6.5
6.5
2019-05-03 CVE-2019-6616 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode.
network
low complexity
f5
7.2
7.2
2019-05-03 CVE-2019-6615 Unspecified vulnerability in F5 products
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.
network
low complexity
f5
4.9
4.9
2019-05-03 CVE-2019-6613 Cleartext Transmission of Sensitive Information vulnerability in F5 products
On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels.
network
low complexity
f5 CWE-319
5.3
5.3
2019-05-03 CVE-2019-6611 Unspecified vulnerability in F5 products
When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic.
network
low complexity
f5
7.5
7.5
2019-03-28 CVE-2019-6608 Memory Leak vulnerability in F5 products
On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.
network
f5 CWE-401
7.1
7.1
2019-03-28 CVE-2019-6606 Memory Leak vulnerability in F5 products
On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.
network
low complexity
f5 CWE-401
4.0
4.0
2019-03-28 CVE-2019-6605 Unspecified vulnerability in F5 products
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service.
network
low complexity
f5
5.0
5.0
2019-03-28 CVE-2019-6604 Unspecified vulnerability in F5 products
On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge.
network
f5
4.3
4.3
2019-03-28 CVE-2019-6603 Unspecified vulnerability in F5 products
In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0.1, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service.
network
low complexity
f5
5.0
5.0