F5 BIG-IP AVR vulnerabilities
66 known vulnerabilities affecting f5/big-ip_avr.
Total CVEs: 66
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown
CRITICAL 2, HIGH 41, MEDIUM 21, LOW 2
Vulnerabilities
Page 4 of 4
CVE-2023-38419 [MEDIUM] CVSS 4.3 | CWE-755 | 2023-08-02
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Tec
f5
CVE-2023-29163 [HIGH] CVSS 7.5 | CWE-401 | 2023-05-03
When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached E
f5
CVE-2023-27378 [HIGH] CVSS 7.5 | CWE-79 | 2023-05-03
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the curren
f5
CVE-2023-24594 [MEDIUM] CVSS 5.3 | CWE-400 | 2023-05-03
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.
Note: Software versions which have reached End
f5
CVE-2023-28406 [MEDIUM] CVSS 4.3 | CWE-22 | 2023-05-03
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restr
f5
CVE-2022-41983 [LOW] CVSS 3.7 | CWE-319 | 2022-10-19
On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied.
Af
f5