F5 BIG-IP ASM vulnerabilities
471 known vulnerabilities affecting f5/big-ip_asm.
Total CVEs: 471
CISA KEV: 6 (actively exploited)
Public exploits: 9
Exploited in wild: 6
Severity breakdown: CRITICAL 27, HIGH 275, MEDIUM 162, LOW 7
Vulnerabilities
CVE-2017-6134 | MEDIUM | CVSS 6.5 | CWE-20 | 2017-12-21
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent
f5
CVE-2017-6166 | MEDIUM | CVSS 5.9 | CWE-415 | ≥ 12.0.0, ≤ 12.1.1 | 2017-11-22
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts
nvd, f5
CVE-2017-6168 | HIGH | CVSS 7.4 | CWE-203 | ≥ 11.6.0, ≤ 11.6.2; ≥ 12.0.0, ≤ 12.1.2; +1 more | 2017-11-17
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encry
nvd, f5
CVE-2017-6157 | HIGH | CVSS 8.1 | 2017-10-27
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit P
f5
CVE-2017-0303 | HIGH | CVSS 7.5 | CWE-459 | 2017-10-27
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual
f5
CVE-2017-6159 | MEDIUM | CVSS 5.9 | 2017-10-27
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual serve
f5
CVE-2017-6163 | MEDIUM | CVSS 5.9 | CWE-119 | 2017-10-27
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, and the client initiates a num
f5
CVE-2017-6161 | MEDIUM | CVSS 5.3 | CWE-400 | 2017-10-27
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when Confi
f5
CVE-2017-6162 | MEDIUM | CVSS 5.9 | CWE-119 | 2017-10-27
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases
f5
CVE-2017-6165 | CRITICAL | CVSS 9.8 | CWE-532 | 2017-10-20
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet Ex
f5
CVE-2017-6145 | HIGH | CVSS 7.3 | CWE-613 | 2017-10-20
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens.
f5
CVE-2017-6141 | MEDIUM | CVSS 5.9 | CWE-20 | 2017-10-20
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM).
f5
CVE-2017-6147 | MEDIUM | CVSS 5.9 | 2017-09-18
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Cli
f5
CVE-2016-7469 | MEDIUM | CVSS 5.4 | CWE-79 | 2017-06-09
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PS
f5
CVE-2017-6131 | CRITICAL | CVSS 9.8 | CWE-798 | 2017-05-23
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are n
f5
CVE-2016-7476 | HIGH | CVSS 7.5 | CWE-20 | 2017-05-11
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1
f5
CVE-2016-9250 | HIGH | CVSS 7.5 | CWE-264 | 2017-05-10
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebAccelerator, BIG-IP
f5
CVE-2016-9253 | HIGH | CVSS 7.5 | CWE-20 | 2017-05-09
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebSafe
Affected Versions: 12.1.0; 12.1.1; 12.1.2
F5 Advisory Articles: K51351360
F5 Refe
f5
CVE-2016-9251 | HIGH | CVSS 8.8 | CWE-264 | 2017-05-09
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.
Affected Products: BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP Analytics, BIG-IP DNS, BIG-IP LTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebSafe, iControl REST
Affected Versions: 12.0.0; 12.1.0; 12.1.1; 12.1.2
F5 Advisory Articles: K4110
f5
CVE-2016-9256 | HIGH | CVSS 7.5 | CWE-362 | 2017-05-09
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission c
f5