Vulnerabilities > F5 > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-02 CVE-2018-5520 Incorrect Authorization vulnerability in F5 products
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.
network
high complexity
f5 CWE-863
4.4
2018-05-02 CVE-2018-5519 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths.
network
low complexity
f5
4.9
2018-05-02 CVE-2018-5518 Unspecified vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host.
high complexity
f5
5.4
2018-05-02 CVE-2018-5516 Incorrect Permission Assignment for Critical Resource vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions.
local
high complexity
f5 CWE-732
4.7
2018-05-02 CVE-2018-5515 Improper Input Validation vulnerability in F5 products
On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.
network
high complexity
f5 CWE-20
4.4
2018-04-13 CVE-2018-5508 Unspecified vulnerability in F5 Big-Ip Policy Enforcement Manager
On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5.1-11.5.5, or 11.2.1, under certain conditions, TMM may crash when processing compressed data though a Virtual Server with an associated PEM profile using the content insertion option.
network
high complexity
f5
5.9
2018-04-13 CVE-2017-6158 Unspecified vulnerability in F5 products
In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.
network
low complexity
f5
6.5
2018-04-13 CVE-2017-6156 Unspecified vulnerability in F5 products
When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations.
network
high complexity
f5
6.4
2018-04-13 CVE-2017-6143 Improper Certificate Validation vulnerability in F5 products
X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.
network
high complexity
f5 CWE-295
5.4
2018-03-22 CVE-2018-5505 Unspecified vulnerability in F5 products
On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP.
network
high complexity
f5
5.9