CVE-2024-21763
- EPSS 0.52%
- Veröffentlicht 14.02.2024 17:15:11
- Zuletzt bearbeitet 12.12.2024 19:12:18
When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Tech...
CVE-2024-21771
- EPSS 0.52%
- Veröffentlicht 14.02.2024 17:15:11
- Zuletzt bearbeitet 23.01.2025 19:42:31
For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions whic...
CVE-2023-46747
- EPSS 96.52%
- Veröffentlicht 26.10.2023 21:15:08
- Zuletzt bearbeitet 27.10.2025 17:07:09
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions wh...
CVE-2023-46748
- EPSS 4.47%
- Veröffentlicht 26.10.2023 21:15:08
- Zuletzt bearbeitet 27.10.2025 17:07:05
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execut...
CVE-2023-44487
- EPSS 100%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 12.05.2026 15:10:32
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-45219
- EPSS 0.18%
- Veröffentlicht 10.10.2023 13:15:22
- Zuletzt bearbeitet 21.11.2024 08:26:34
Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions ...
CVE-2023-41085
- EPSS 0.52%
- Veröffentlicht 10.10.2023 13:15:21
- Zuletzt bearbeitet 21.11.2024 08:20:32
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-41373
- EPSS 2.38%
- Veröffentlicht 10.10.2023 13:15:21
- Zuletzt bearbeitet 21.11.2024 08:21:10
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacke...
CVE-2023-41964
- EPSS 0.24%
- Veröffentlicht 10.10.2023 13:15:21
- Zuletzt bearbeitet 21.11.2024 08:22:00
The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-42768
- EPSS 0.53%
- Veröffentlicht 10.10.2023 13:15:21
- Zuletzt bearbeitet 21.11.2024 08:23:07
When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have...