Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip carrier-grade nat vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-27720
On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed t...
F5 Big-ip Carrier-grade Nat
F5 Big-ip Local Traffic Manager
8.8
CVSSv3
CVE-2022-28716
On 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Carrier-grade Nat
8.7
CVSSv3
CVE-2023-43746
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the malicious user to cross a security boundary. Note: So...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
9.9
CVSSv3
CVE-2023-41373
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated malicious user to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the malicious user to cross a secur...
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
8.1
CVSSv3
CVE-2023-40537
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Local Traffic Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
6.1
CVSSv3
CVE-2023-27378
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an malicious user to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technica...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
4.4
CVSSv3
CVE-2023-45219
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technic...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
5.4
CVSSv3
CVE-2023-38423
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an malicious user to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS)...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
3.7
CVSSv3
CVE-2022-41983
On specific hardware platforms, on BIG-IP versions 16.1.x prior to 16.1.3.1, 15.1.x prior to 15.1.7, 14.1.x prior to 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to sen...
F5 Big-ip Analytics
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Websafe
F5 Big-ip Webaccelerator
F5 Big-ip Ssl Orchestrator
F5 Big-ip Edge Gateway
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Carrier-grade Nat
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
4.3
CVSSv3
CVE-2023-28406
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated malicious user to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information ...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »