Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

f5 big-ip webaccelerator vulnerabilities and exploits

(subscribe to this query)
8.8
CVSSv3
CVE-2023-46748
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Not...
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Ssl OrchestratorF5 Big-ip Local Traffic ManagerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Automation ToolchainF5 Big-ip Container Ingress ServicesF5 Big-ip Advanced Web Application FirewallF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Visibility And ReportingF5 Big-ip Fraud Protection ServicesF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip WebacceleratorF5 Big-ip Websafe
9.8
CVSSv3
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Techni...
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Ssl OrchestratorF5 Big-ip Domain Name SystemF5 Big-ip Local Traffic ManagerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Automation ToolchainF5 Big-ip Container Ingress ServicesF5 Big-ip Application Security ManagerF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Visibility And ReportingF5 Big-ip Fraud Protection ServicesF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip WebacceleratorF5 Big-ip Websafe
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0Nghttp2 Nghttp2Netty NettyEnvoyproxy Envoy 1.27.0Envoyproxy Envoy 1.26.4Envoyproxy Envoy 1.25.9Envoyproxy Envoy 1.24.10Eclipse JettyCaddyserver CaddyGolang Http2Golang GoGolang NetworkingF5 Big-ip AnalyticsF5 Big-ip Policy Enforcement ManagerF5 Big-ip Local Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Global Traffic ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall Manager
7.5
CVSSv3
CVE-2023-41085
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip AnalyticsF5 Big-ip Policy Enforcement ManagerF5 Big-ip Local Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Global Traffic ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Access Policy ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip Application Visibility And ReportingF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Edge GatewayF5 Big-ip Ssl OrchestratorF5 Big-ip WebacceleratorF5 Big-ip Websafe
8.7
CVSSv3
CVE-2023-43746
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the malicious user to cross a security boundary. Note: So...
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Local Traffic ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Visibility And ReportingF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Ssl OrchestratorF5 Big-ip WebacceleratorF5 Big-ip Websafe
5.5
CVSSv3
CVE-2023-43485
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized ManagementF5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Local Traffic ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Visibility And ReportingF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Ssl OrchestratorF5 Big-ip WebacceleratorF5 Big-ip Websafe
7.5
CVSSv3
CVE-2023-40534
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions wh...
F5 Big-ip Access Policy Manager 17.1.0F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Local Traffic ManagerF5 Big-ip Advanced Firewall Manager 17.1.0F5 Big-ip Advanced Web Application Firewall 17.1.0F5 Big-ip Analytics 17.1.0F5 Big-ip Application Acceleration Manager 17.1.0F5 Big-ip Application Security Manager 17.1.0F5 Big-ip Application Visibility And Reporting 17.1.0F5 Big-ip Carrier-grade Nat 17.1.0F5 Big-ip Ddos Hybrid Defender 17.1.0F5 Big-ip Domain Name System 17.1.0F5 Big-ip Edge Gateway 17.1.0F5 Big-ip Fraud Protection Service 17.1.0F5 Big-ip Global Traffic Manager 17.1.0F5 Big-ip Link Controller 17.1.0F5 Big-ip Local Traffic Manager 17.1.0F5 Big-ip Policy Enforcement Manager 17.1.0F5 Big-ip Ssl Orchestrator 17.1.0
8.1
CVSSv3
CVE-2023-40537
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Local Traffic ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Visibility And ReportingF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Ssl OrchestratorF5 Big-ip WebacceleratorF5 Big-ip Websafe
7.5
CVSSv3
CVE-2023-40542
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
F5 Big-ip AnalyticsF5 Big-ip Policy Enforcement ManagerF5 Big-ip Local Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Global Traffic ManagerF5 Big-ip Fraud Protection ServiceF5 Big-ip Domain Name SystemF5 Big-ip Application Security ManagerF5 Big-ip Application Acceleration ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Access Policy ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip Application Visibility And ReportingF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Edge GatewayF5 Big-ip Ssl OrchestratorF5 Big-ip WebacceleratorF5 Big-ip Websafe
9.9
CVSSv3
CVE-2023-41373
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated malicious user to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Security ManagerF5 Big-ip Domain Name SystemF5 Big-ip Local Traffic ManagerF5 Big-ip Advanced Web Application FirewallF5 Big-ip AnalyticsF5 Big-ip Application Acceleration ManagerF5 Big-ip Application Visibility And ReportingF5 Big-ip Carrier-grade NatF5 Big-ip Ddos Hybrid DefenderF5 Big-ip Fraud Protection ServiceF5 Big-ip Global Traffic ManagerF5 Big-ip Link ControllerF5 Big-ip Policy Enforcement ManagerF5 Big-ip Ssl OrchestratorF5 Big-ip WebacceleratorF5 Big-ip Websafe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook