Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
f5 big-ip domain name system vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-28742
When DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Domain Name System
4.3
CVSSv3
CVE-2023-28406
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated malicious user to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information ...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Web Application Firewall
F5 Big-ip Application Visibility And Reporting
F5 Big-ip Carrier-grade Nat
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Edge Gateway
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
F5 Big-ip Websafe
7.5
CVSSv3
CVE-2023-29163
When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Analytics 17.0.0
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Global Traffic Manager 17.0.0
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Advanced Web Application Firewall 17.0.0
F5 Big-ip Ssl Orchestrator 17.0.0
F5 Big-ip Domain Name System
F5 Big-ip Edge Gateway
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Webaccelerator
7.5
CVSSv3
CVE-2023-22664
On BIG-IP versions 17.0.x prior to 17.0.0.2 and 16.1.x prior to 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource uti...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Service Proxy 1.6.0
8.5
CVSSv3
CVE-2023-22374
A format string vulnerability exists in iControl SOAP that allows an authenticated malicious user to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the malicious user to c...
F5 Big-ip Application Security Manager 13.1.0
F5 Big-ip Advanced Firewall Manager 17.0.0
F5 Big-ip Advanced Firewall Manager 13.1.5
F5 Big-ip Access Policy Manager 17.0.0
F5 Big-ip Access Policy Manager 13.1.5
F5 Big-ip Analytics 17.0.0
F5 Big-ip Analytics 13.1.5
F5 Big-ip Application Security Manager 17.0.0
F5 Big-ip Application Acceleration Manager 17.0.0
F5 Big-ip Application Acceleration Manager 13.1.5
F5 Big-ip Policy Enforcement Manager 17.0.0
F5 Big-ip Policy Enforcement Manager 13.1.5
F5 Big-ip Local Traffic Manager 17.0.0
F5 Big-ip Local Traffic Manager 13.1.5
F5 Big-ip Link Controller 17.0.0
F5 Big-ip Link Controller 13.1.5
F5 Big-ip Fraud Protection Service 17.0.0
F5 Big-ip Fraud Protection Service 13.1.5
F5 Big-ip Domain Name System 17.0.0
F5 Big-ip Ssl Orchestrator 13.1.5
F5 Big-ip Ddos Hybrid Defender 13.1.5
F5 Big-ip Application Security Manager
1 Github repository
6.1
CVSSv3
CVE-2023-22418
On versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.7, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthentic...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Fraud Protection Service
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Domain Name System
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
7.5
CVSSv3
CVE-2023-22842
On BIG-IP versions 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.8.1, 14.1.x prior to 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to termin...
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Ssl Orchestrator
7.5
CVSSv3
CVE-2023-23555
On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to prior to 15.1.8 and 14.1.x beginning in 14.1.5 to prior to 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to prior to 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traff...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Access Policy Manager
F5 Big-ip Analytics
F5 Big-ip Application Security Manager
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Domain Name System
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Ssl Orchestrator
F5 Big-ip Application Acceleration Manager
F5 Big-ip Service Proxy
7.5
CVSSv3
CVE-2023-22839
On BIG-IP versions 17.0.x prior to 17.0.0.2, 16.1.x prior to 16.1.3.3, 15.1.x prior to 15.1.8.1, 14.1.x prior to 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enable...
F5 Big-ip Local Traffic Manager
F5 Big-ip Domain Name System
F5 Big-ip 10000s Firmware -
F5 Big-ip 10200v Firmware -
F5 Big-ip 10200v-ssl Firmware -
F5 Big-ip 12000 Firmware -
F5 Big-ip 5000s Firmware -
F5 Big-ip 5200v Firmware -
F5 Big-ip 5200v-ssl Firmware -
F5 Big-ip 7000s Firmware -
F5 Big-ip 7200v Firmware -
F5 Big-ip 7200v-ssl Firmware -
F5 Big-ip I10600 Firmware -
F5 Big-ip I10800 Firmware -
F5 Big-ip I11600 Firmware -
F5 Big-ip I11800 Firmware -
F5 Big-ip I15600 Firmware -
F5 Big-ip I15800 Firmware -
F5 Big-ip I5600 Firmware -
F5 Big-ip I5800 Firmware -
F5 Big-ip I7600 Firmware -
F5 Big-ip I7800 Firmware -
5.9
CVSSv3
CVE-2023-22302
In BIG-IP versions 17.0.x prior to 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to prior to 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP s...
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Ddos Hybrid Defender
F5 Big-ip Application Security Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Ssl Orchestrator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »