F5 Big-Ip Analytics vulnerabilities
472 known vulnerabilities affecting f5/big-ip_analytics.
Total CVEs
472
CISA KEV
11
actively exploited
Public exploits
19
Exploited in wild
11
Severity breakdown
CRITICAL38HIGH263MEDIUM166LOW5
Vulnerabilities
Page 12 of 24
CVE-2020-5923MEDIUMCVSS 5.4≥ 11.6.1, < 11.6.5.2≥ 12.1.0, < 12.1.5.2+3 more2020-08-26
CVE-2020-5923 [MEDIUM] CVE-2020-5923: In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.
nvd
CVE-2020-5916MEDIUMCVSS 6.8≥ 15.0.0, < 15.0.1.4≥ 15.1.0, < 15.1.0.52020-08-26
CVE-2020-5916 [MEDIUM] CWE-269 CVE-2020-5916: In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and h
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.
nvd
CVE-2020-5917MEDIUMCVSS 5.9≥ 11.6.1, ≤ 11.6.5≥ 12.1.0, < 12.1.5.2+4 more2020-08-26
CVE-2020-5917 [MEDIUM] CWE-326 CVE-2020-5917: In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.
nvd
CVE-2020-5915MEDIUMCVSS 6.1≥ 11.6.1, < 11.6.5.2≥ 12.1.0, < 12.1.5.2+4 more2020-08-26
CVE-2020-5915 [MEDIUM] CWE-79 CVE-2020-5915: In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.
nvd
CVE-2020-5902CRITICALCVSS 9.8KEVPoC≥ 11.6.1, < 11.6.5.2≥ 12.1.0, < 12.1.5.2+4 more2020-07-01
CVE-2020-5902 [CRITICAL] CWE-22 CVE-2020-5902: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
nvd
CVE-2020-5906HIGHCVSS 8.1≥ 11.6.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5+1 more2020-07-01
CVE-2020-5906 [HIGH] CWE-276 CVE-2020-5906: In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not proper
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
nvd
CVE-2020-5907HIGHCVSS 7.2≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5+3 more2020-07-01
CVE-2020-5907 [HIGH] CVE-2020-5907: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.
nvd
CVE-2020-5904HIGHCVSS 8.8≥ 12.1.0, ≤ 12.1.5.1≥ 13.1.0, ≤ 13.1.3.3+2 more2020-07-01
CVE-2020-5904 [HIGH] CWE-352 CVE-2020-5904: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
nvd
CVE-2020-5903MEDIUMCVSS 6.1≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more2020-07-01
CVE-2020-5903 [MEDIUM] CWE-79 CVE-2020-5903: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
nvd
CVE-2020-5905MEDIUMCVSS 4.3≥ 11.6.1, ≤ 11.6.5.22020-07-01
CVE-2020-5905 [MEDIUM] CWE-79 CVE-2020-5905: In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the syste
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
nvd
CVE-2020-5885CRITICALCVSS 9.1≥ 12.1.0, ≤ 12.1.5.1≥ 13.1.0, ≤ 13.1.3.3+2 more2020-04-30
CVE-2020-5885 [CRITICAL] CWE-319 CVE-2020-5885: On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems s
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.
nvd
CVE-2020-5884CRITICALCVSS 9.1≥ 11.6.1, ≤ 11.6.5.1≥ 12.1.0, ≤ 12.1.5.1+3 more2020-04-30
CVE-2020-5884 [CRITICAL] CVE-2020-5884: On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1,
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.
nvd
CVE-2020-5887CRITICALCVSS 9.1≥ 14.1.0, ≤ 14.1.2.3≥ 15.0.0, ≤ 15.0.1.2+1 more2020-04-30
CVE-2020-5887 [CRITICAL] CWE-668 CVE-2020-5887: On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may e
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.
nvd
CVE-2020-5886CRITICALCVSS 9.1≥ 12.1.0, ≤ 12.1.5.1≥ 13.1.0, ≤ 13.1.3.3+2 more2020-04-30
CVE-2020-5886 [CRITICAL] CWE-319 CVE-2020-5886: On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems s
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.
nvd
CVE-2020-5882HIGHCVSS 7.5≥ 11.6.1, ≤ 11.6.5.1≥ 12.1.0, ≤ 12.1.5+3 more2020-04-30
CVE-2020-5882 [HIGH] CVE-2020-5882: On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, und
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.
nvd
CVE-2020-5891HIGHCVSS 7.5≥ 14.1.0, ≤ 14.1.2.3≥ 15.0.0, ≤ 15.0.1.2+1 more2020-04-30
CVE-2020-5891 [HIGH] CVE-2020-5891: On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lea
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.
nvd
CVE-2020-5871HIGHCVSS 7.5≥ 14.1.0, ≤ 14.1.2.32020-04-30
CVE-2020-5871 [HIGH] CVE-2020-5871: On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to B
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure.
nvd
CVE-2020-5881HIGHCVSS 7.5≥ 13.1.0, ≤ 13.1.3.3≥ 14.1.0, ≤ 14.1.2.3+1 more2020-04-30
CVE-2020-5881 [HIGH] CVE-2020-5881: On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes.
nvd
CVE-2020-5873HIGHCVSS 7.2≥ 11.6.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5+3 more2020-04-30
CVE-2020-5873 [HIGH] CWE-78 CVE-2020-5873: On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.
nvd
CVE-2020-5876HIGHCVSS 8.1≥ 11.6.1, ≤ 11.6.5.1≥ 12.1.0, ≤ 12.1.5.1+3 more2020-04-30
CVE-2020-5876 [HIGH] CWE-319 CVE-2020-5876: On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Managem
nvd