Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
big-ip advanced firewall manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22281
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.8, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traff...
F5 Big-ip Advanced Firewall Manager
NA
CVE-2023-22323
In BIP-IP versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.8.1, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource ut...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Fraud Protection Service
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
F5 Big-ip Domain Name System
NA
CVE-2023-22326
In BIG-IP versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.8.1, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS she...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Fraud Protection Service
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
F5 Big-ip Domain Name System
NA
CVE-2022-41622
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-iq Centralized Management 7.1.0
F5 Big-iq Centralized Management
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics 17.0.0
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Policy Enforcement Manager
NA
CVE-2022-41800
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
NA
CVE-2022-36795
In BIG-IP versions 17.0.x prior to 17.0.0.1, 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.7, and 14.1.x prior to 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop proces...
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Application Security Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
NA
CVE-2022-41694
In BIG-IP versions 16.1.x prior to 16.1.3, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x prior to 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to...
F5 Big-ip Application Security Manager
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
NA
CVE-2022-41813
In versions 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Advanced Firewall Manager
NA
CVE-2022-41836
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Advanced Web Application Firewall 17.0.0
F5 Big-ip Application Security Manager
F5 Big-ip Advanced Web Application Firewall
NA
CVE-2022-41832
In BIG-IP versions 17.0.x prior to 17.0.0.1, 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5.1, and 13.1.x prior to 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization...
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »