Vulnerabilities > F5 > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2024-23308 NULL Pointer Dereference vulnerability in F5 products
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate.
network
low complexity
f5 CWE-476
7.5
2024-02-14 CVE-2024-23982 Out-of-bounds Write vulnerability in F5 Big-Ip Policy Enforcement Manager
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
network
low complexity
f5 CWE-787
7.5
2023-11-21 CVE-2023-45886 The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
network
low complexity
f5 ipinfusion
7.5
2023-10-26 CVE-2023-46748 SQL Injection vulnerability in F5 products
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5 CWE-89
8.8
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-10-10 CVE-2023-45226 Unspecified vulnerability in F5 Big-Ip Next Service Proxy for Kubernetes 1.5.0
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers.
network
high complexity
f5
7.4
2023-10-10 CVE-2023-5450 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5
7.8
2023-09-27 CVE-2023-43124 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
low complexity
f5
7.1
2023-09-27 CVE-2023-43125 Unspecified vulnerability in F5 products
BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
network
low complexity
f5
8.2
2023-08-02 CVE-2023-38418 Unspecified vulnerability in F5 Big-Ip Access Policy Manager
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
local
low complexity
f5
7.8