
F5 BIG-IP CGNAT vulnerabilities

68 known vulnerabilities affecting f5/big-ip_cgnat.

Total CVEs: 68
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 43, MEDIUM 21, LOW 2

Vulnerabilities

Page 4 of 4
CVE-2023-38419 | MEDIUM | CVSS 4.3 | 2023-08-02
CWE-755. An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Tec
f5
CVE-2023-29163 | HIGH | CVSS 7.5 | 2023-05-03
CWE-401. When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached E
f5
CVE-2023-27378 | HIGH | CVSS 7.5 | 2023-05-03
CWE-79. Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the curren
f5
CVE-2023-24594 | MEDIUM | CVSS 5.3 | 2023-05-03
CWE-400. When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End
f5
CVE-2023-28406 | MEDIUM | CVSS 4.3 | 2023-05-03
CWE-22. A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restr
f5
CVE-2022-41983 | LOW | CVSS 3.7 | 2022-10-19
CWE-319. On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher is in use, undisclosed conditions can cause BIG-IP to send data unencrypted even with an SSL Profile applied. Af
f5
CVE-2022-28716 | HIGH | CVSS 7.5 | 2022-05-05
CWE-79. On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software ve
f5
CVE-2020-27720 | HIGH | CVSS 7.5 | 2020-12-24
On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart. Affected Products: BIG-I
f5