F5 Big-Ip Link Controller vulnerabilities

486 known vulnerabilities affecting f5/big-ip_link_controller.

Total CVEs

486

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL40HIGH272MEDIUM168LOW6

Vulnerabilities

Page 12 of 25

CVE-2020-5913HIGHCVSS 7.4≥ 11.6.1, < 11.6.5≥ 12.1.0, < 12.1.5.2+4 more2020-08-26

CVE-2020-5913 [HIGH] CWE-295 CVE-2020-5913: In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections.

nvd

CVE-2020-5923MEDIUMCVSS 5.4≥ 11.6.1, < 11.6.5.2≥ 12.1.0, < 12.1.5.2+3 more2020-08-26

CVE-2020-5923 [MEDIUM] CVE-2020-5923: In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11 In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.

nvd

CVE-2020-5916MEDIUMCVSS 6.8≥ 15.0.0, < 15.0.1.4≥ 15.1.0, < 15.1.0.52020-08-26

CVE-2020-5916 [MEDIUM] CWE-269 CVE-2020-5916: In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and h In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.

nvd

CVE-2020-5917MEDIUMCVSS 5.9≥ 11.6.1, ≤ 11.6.5≥ 12.1.0, < 12.1.5.2+4 more2020-08-26

CVE-2020-5917 [MEDIUM] CWE-326 CVE-2020-5917: In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5 In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.

nvd

CVE-2020-5915MEDIUMCVSS 6.1≥ 11.6.1, < 11.6.5.2≥ 12.1.0, < 12.1.5.2+4 more2020-08-26

CVE-2020-5915 [MEDIUM] CWE-79 CVE-2020-5915: In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5 In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are setup in a device trust.

nvd

CVE-2020-5902CRITICALCVSS 9.8KEVPoC≥ 11.6.1, < 11.6.5.2≥ 12.1.0, < 12.1.5.2+4 more2020-07-01

CVE-2020-5902 [CRITICAL] CWE-22 CVE-2020-5902: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11 In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

nvd

CVE-2020-5906HIGHCVSS 8.1≥ 11.6.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5+1 more2020-07-01

CVE-2020-5906 [HIGH] CWE-276 CVE-2020-5906: In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not proper In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.

nvd

CVE-2020-5907HIGHCVSS 7.2≥ 11.5.2, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5+3 more2020-07-01

CVE-2020-5907 [HIGH] CVE-2020-5907: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11 In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.

nvd

CVE-2020-5904HIGHCVSS 8.8≥ 12.1.0, ≤ 12.1.5.1≥ 13.1.0, ≤ 13.1.3.3+2 more2020-07-01

CVE-2020-5904 [HIGH] CWE-352 CVE-2020-5904: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.

nvd

CVE-2020-5903MEDIUMCVSS 6.1≥ 12.1.0, ≤ 12.1.5≥ 13.1.0, ≤ 13.1.3+2 more2020-07-01

CVE-2020-5903 [MEDIUM] CWE-79 CVE-2020-5903: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.

nvd

CVE-2020-5905MEDIUMCVSS 4.3≥ 11.6.1, ≤ 11.6.5.22020-07-01

CVE-2020-5905 [MEDIUM] CWE-79 CVE-2020-5905: In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the syste In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.

nvd

CVE-2020-5885CRITICALCVSS 9.1≥ 12.1.0, ≤ 12.1.5.1≥ 13.1.0, ≤ 13.1.3.3+2 more2020-04-30

CVE-2020-5885 [CRITICAL] CWE-319 CVE-2020-5885: On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems s On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.

nvd

CVE-2020-5884CRITICALCVSS 9.1≥ 11.6.1, ≤ 11.6.5.1≥ 12.1.0, ≤ 12.1.5.1+3 more2020-04-30

CVE-2020-5884 [CRITICAL] CVE-2020-5884: On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring.

nvd

CVE-2020-5887CRITICALCVSS 9.1≥ 14.1.0, ≤ 14.1.2.3≥ 15.0.0, ≤ 15.0.1.2+1 more2020-04-30

CVE-2020-5887 [CRITICAL] CWE-668 CVE-2020-5887: On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may e On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.

nvd

CVE-2020-5886CRITICALCVSS 9.1≥ 12.1.0, ≤ 12.1.5.1≥ 13.1.0, ≤ 13.1.3.3+2 more2020-04-30

CVE-2020-5886 [CRITICAL] CWE-319 CVE-2020-5886: On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems s On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability (HA) pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.

nvd

CVE-2020-5882HIGHCVSS 7.5≥ 11.6.1, ≤ 11.6.5.1≥ 12.1.0, ≤ 12.1.5+3 more2020-04-30

CVE-2020-5882 [HIGH] CVE-2020-5882: On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, und On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.

nvd

CVE-2020-5891HIGHCVSS 7.5≥ 14.1.0, ≤ 14.1.2.3≥ 15.0.0, ≤ 15.0.1.2+1 more2020-04-30

CVE-2020-5891 [HIGH] CVE-2020-5891: On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lea On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.

nvd

CVE-2020-5871HIGHCVSS 7.5≥ 14.1.0, ≤ 14.1.2.32020-04-30

CVE-2020-5871 [HIGH] CVE-2020-5871: On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to B On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure.

nvd

CVE-2020-5881HIGHCVSS 7.5≥ 13.1.0, ≤ 13.1.3.3≥ 14.1.0, ≤ 14.1.2.3+1 more2020-04-30

CVE-2020-5881 [HIGH] CVE-2020-5881: On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition ( On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupting the communication between the mcpd and tmm processes.

nvd

CVE-2020-5873HIGHCVSS 7.2≥ 11.6.1, ≤ 11.6.5≥ 12.1.0, ≤ 12.1.5+3 more2020-04-30

CVE-2020-5873 [HIGH] CWE-78 CVE-2020-5873: On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG- On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.

nvd

← Previous12 / 25Next →