Vulnerabilities > F5

DATE CVE VULNERABILITY TITLE RISK
2017-05-09 CVE-2016-9251 Permissions, Privileges, and Access Controls vulnerability in F5 products
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
network
low complexity
f5 CWE-264
8.8
2017-05-01 CVE-2017-6128 Unspecified vulnerability in F5 products
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
network
low complexity
f5
7.5
2017-04-11 CVE-2016-7467 Improper Input Validation vulnerability in F5 Big-Ip Access Policy Manager
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
network
high complexity
f5 CWE-20
5.3
2017-04-06 CVE-2017-6130 Server-Side Request Forgery (SSRF) vulnerability in F5 SSL Intercept Iapp and SSL Orchestrator
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
network
low complexity
f5 CWE-918
7.4
2017-04-06 CVE-2017-0305 Unspecified vulnerability in F5 SSL Intercept Iapp 1.5.0/1.5.7
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
network
low complexity
f5
critical
9.8
2017-03-27 CVE-2016-9252 Data Processing Errors vulnerability in F5 products
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.
network
low complexity
f5 CWE-19
7.5
2017-03-27 CVE-2016-7474 Information Exposure vulnerability in F5 products
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
local
low complexity
f5 CWE-200
5.5
2017-03-23 CVE-2016-7468 Improper Access Control vulnerability in F5 products
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic.
network
high complexity
f5 CWE-284
5.9
2017-03-07 CVE-2016-9245 Improper Access Control vulnerability in F5 products
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart.
network
high complexity
f5 CWE-284
5.9
2017-02-20 CVE-2016-6249 Information Exposure vulnerability in F5 products
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log.
local
low complexity
f5 CWE-200
5.3