Summary
| Detail | |||
|---|---|---|---|
| Vendor | f5 | First view | 2018-07-06 |
| Product | Big-Ip Advanced Firewall Manager | Last view | 2024-08-14 |
| Version | 14.1.0.2.0.45.4 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:f5:big-ip_advanced_firewall_manager | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2024-08-14 | CVE-2024-41727 | In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 4.3 | 2024-08-14 | CVE-2024-41723 | Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 7.5 | 2024-08-14 | CVE-2024-41164 | When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 7.5 | 2024-08-14 | CVE-2024-39778 | When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Â Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 7.5 | 2024-02-14 | CVE-2024-24775 | When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 7.5 | 2024-02-14 | CVE-2024-23979 | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 4.4 | 2024-02-14 | CVE-2024-23976 | When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Â Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 7.5 | 2024-02-14 | CVE-2024-23314 | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 6.5 | 2024-02-14 | CVE-2024-22389 | When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 9.6 | 2024-02-14 | CVE-2024-22093 | When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 6.7 | 2024-02-14 | CVE-2024-21782 | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 7.5 | 2024-02-14 | CVE-2024-21771 | For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 7.5 | 2024-02-14 | CVE-2024-21763 | When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 8.8 | 2023-10-26 | CVE-2023-46748 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Â Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 9.8 | 2023-10-26 | CVE-2023-46747 | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 0 | 2023-10-10 | CVE-2023-45219 | Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 7.5 | 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| 0 | 2023-10-10 | CVE-2023-43746 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 0 | 2023-10-10 | CVE-2023-43611 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| 0 | 2023-10-10 | CVE-2023-43485 | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 0 | 2023-10-10 | CVE-2023-42768 | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 6.5 | 2023-10-10 | CVE-2023-41964 | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 0 | 2023-10-10 | CVE-2023-41373 | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 0 | 2023-10-10 | CVE-2023-41085 | When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| 0 | 2023-10-10 | CVE-2023-40542 | When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 15% (20) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 10% (14) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 7% (10) | CWE-476 | NULL Pointer Dereference |
| 4% (6) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 3% (5) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 3% (5) | CWE-319 | Cleartext Transmission of Sensitive Information |
| 3% (5) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
| 3% (5) | CWE-20 | Improper Input Validation |
| 3% (4) | CWE-269 | Improper Privilege Management |
| 3% (4) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 2% (3) | CWE-362 | Race Condition |
| 2% (3) | CWE-326 | Inadequate Encryption Strength |
| 2% (3) | CWE-287 | Improper Authentication |
| 2% (3) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 2% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 1% (2) | CWE-787 | Out-of-bounds Write |
| 1% (2) | CWE-755 | Improper Handling of Exceptional Conditions |
| 1% (2) | CWE-682 | Incorrect Calculation |
| 1% (2) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 1% (2) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 1% (2) | CWE-404 | Improper Resource Shutdown or Release |
| 1% (2) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 1% (2) | CWE-203 | Information Exposure Through Discrepancy |
| 1% (2) | CWE-125 | Out-of-bounds Read |
| 1% (2) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
SAINT Exploits
| Description | Link |
|---|---|
| F5 BIG-IP iControl REST vulnerability | More info here |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-08-11 | F5 BIG-IP Traffic Management User Interface remote code execution attempt RuleID : 54484 - Type : SERVER-WEBAPP - Revision : 2 |
| 2020-08-06 | F5 BIG-IP Traffic Management User Interface remote code execution attempt RuleID : 54462 - Type : SERVER-WEBAPP - Revision : 3 |
| 2020-07-07 | lodash defaultsDeep prototype pollution attempt RuleID : 54184 - Type : SERVER-OTHER - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-11 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO |
| 2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-50075276e8.nasl - Type: ACT_GATHER_INFO |
| 2018-12-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1406.nasl - Type: ACT_GATHER_INFO |
| 2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3083.nasl - Type: ACT_GATHER_INFO |
| 2018-10-26 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1352.nasl - Type: ACT_GATHER_INFO |
| 2018-10-10 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-2846.nasl - Type: ACT_GATHER_INFO |
| 2018-09-04 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1278.nasl - Type: ACT_GATHER_INFO |
| 2018-09-04 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1279.nasl - Type: ACT_GATHER_INFO |
| 2018-08-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1466.nasl - Type: ACT_GATHER_INFO |
| 2018-08-15 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1058.nasl - Type: ACT_GATHER_INFO |
| 2018-08-15 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1058.nasl - Type: ACT_GATHER_INFO |
| 2018-08-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4272.nasl - Type: ACT_GATHER_INFO |
| 2018-08-07 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4266.nasl - Type: ACT_GATHER_INFO |
| 2018-08-03 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-049.nasl - Type: ACT_GATHER_INFO |
| 2018-07-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-8484550fff.nasl - Type: ACT_GATHER_INFO |
