Vulnerabilities > F5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2024-21763 | NULL Pointer Dereference vulnerability in F5 Big-Ip Advanced Firewall Manager When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
| 2024-02-14 | CVE-2024-21771 | Allocation of Resources Without Limits or Throttling vulnerability in F5 Big-Ip Advanced Firewall Manager For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
| 2024-02-14 | CVE-2024-21782 | OS Command Injection vulnerability in F5 products BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. | 6.7 |
| 2024-02-14 | CVE-2024-21789 | Missing Release of Resource after Effective Lifetime vulnerability in F5 products When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |
| 2024-02-14 | CVE-2024-21849 | Unspecified vulnerability in F5 products When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 |
| 2024-02-14 | CVE-2024-22093 | Command Injection vulnerability in F5 products When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. | 9.6 |
| 2024-02-14 | CVE-2024-22389 | Unspecified vulnerability in F5 products When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. | 6.5 |
| 2024-02-14 | CVE-2024-23306 | Unspecified vulnerability in F5 Big-Ip Next Cloud-Native Network Functions 1.1.0/1.1.1 A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.8 |
| 2024-02-14 | CVE-2024-23308 | NULL Pointer Dereference vulnerability in F5 products When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. | 7.5 |
| 2024-02-14 | CVE-2024-23314 | Unspecified vulnerability in F5 products When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 |