F5

Big-ip Carrier-grade Nat

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-53856

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:49
  • Zuletzt bearbeitet 21.10.2025 20:19:02

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM)...

5.3

CVE-2025-58424

  • EPSS 0.08%
  • Veröffentlicht 15.10.2025 13:55:47
  • Zuletzt bearbeitet 22.10.2025 20:58:41

On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...

7.5

CVE-2025-59781

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:46
  • Zuletzt bearbeitet 22.10.2025 21:02:07

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

7.5

CVE-2025-46706

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:45
  • Zuletzt bearbeitet 21.10.2025 18:54:09

When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evalua...

7.5

CVE-2025-48008

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:44
  • Zuletzt bearbeitet 21.10.2025 18:53:07

When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions...

7.5

CVE-2025-58153

  • EPSS 0.1%
  • Veröffentlicht 15.10.2025 13:55:44
  • Zuletzt bearbeitet 22.10.2025 20:50:21

Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.  Note: Software versions which have reached End of Technical Support (EoTS)...

5.3

CVE-2025-59268

  • EPSS 0.08%
  • Veröffentlicht 15.10.2025 13:55:42
  • Zuletzt bearbeitet 21.10.2025 19:33:09

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility.  Note: Software versions which have reached End of Technical Support (Eo...

6.1

CVE-2025-59269

  • EPSS 0.07%
  • Veröffentlicht 15.10.2025 13:55:42
  • Zuletzt bearbeitet 21.10.2025 19:33:38

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.   Note: Software versions which have reache...

7.5

CVE-2025-53474

  • EPSS 0.11%
  • Veröffentlicht 15.10.2025 13:55:41
  • Zuletzt bearbeitet 21.10.2025 19:49:57

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evalu...

7.5

CVE-2025-54500

Medienbericht
  • EPSS 0.11%
  • Veröffentlicht 13.08.2025 14:46:55
  • Zuletzt bearbeitet 03.11.2025 20:19:14

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Su...