F5 Big-Ip Websafe vulnerabilities

136 known vulnerabilities affecting f5/big-ip_websafe.

Total CVEs

136

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL6HIGH81MEDIUM47LOW2

Vulnerabilities

Page 5 of 7

CVE-2018-5517HIGHCVSS 7.5≥ 13.1.0, ≤ 13.1.0.52018-05-02

CVE-2018-5517 [HIGH] CWE-20 CVE-2018-5517: On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual se On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs.

nvd

CVE-2018-5512HIGHCVSS 7.5≥ 13.1.0, ≤ 13.1.0.52018-05-02

CVE-2018-5512 [HIGH] CVE-2018-5512: On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart.

nvd

CVE-2018-5520MEDIUMCVSS 4.4≥ 11.2.1, ≤ 11.6.3≥ 12.1.0, ≤ 12.1.3+1 more2018-05-02

CVE-2018-5520 [MEDIUM] CWE-863 CVE-2018-5520: On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.

nvd

CVE-2018-5516MEDIUMCVSS 4.7≥ 11.2.1, ≤ 11.6.3≥ 12.1.0, ≤ 12.1.2+1 more2018-05-02

CVE-2018-5516 [MEDIUM] CWE-732 CVE-2018-5516: On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Ce On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restricti

nvd

CVE-2018-5519MEDIUMCVSS 4.9≥ 11.2.1, ≤ 11.6.3≥ 12.1.0, ≤ 12.1.3+1 more2018-05-02

CVE-2018-5519 [MEDIUM] CVE-2018-5519: On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of un On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.

nvd

CVE-2018-5518MEDIUMCVSS 5.4≥ 12.0.0, ≤ 12.1.3≥ 13.0.0, ≤ 13.1.02018-05-02

CVE-2018-5518 [MEDIUM] CVE-2018-5518: On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest ca On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is opera

nvd

CVE-2018-5515MEDIUMCVSS 4.4≥ 13.1.0, ≤ 13.1.0.52018-05-02

CVE-2018-5515 [MEDIUM] CWE-20 CVE-2018-5515: On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 a On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event.

nvd

CVE-2018-5506CRITICALCVSS 9.8≥ 11.5.1, ≤ 11.5.5≥ 12.1.0, ≤ 12.1.3.1+3 more2018-04-13

CVE-2018-5506 [CRITICAL] CVE-2018-5506: In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_ In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP

nvd

CVE-2018-5507HIGHCVSS 7.5≥ 11.5.1, ≤ 11.5.5≥ 11.6.1, ≤ 11.6.2+2 more2018-04-13

CVE-2018-5507 [HIGH] CVE-2018-5507: On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU.

nvd

CVE-2018-5510HIGHCVSS 7.5v11.5.4v11.5.52018-04-13

CVE-2018-5510 [HIGH] CWE-20 CVE-2018-5510: On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TMM) may restart when processing a specific sequence of packets on IPv6 virtual servers.

nvd

CVE-2017-6155HIGHCVSS 7.5≥ 11.5.1, ≤ 11.5.5≥ 11.6.1, ≤ 11.6.2+3 more2018-04-13

CVE-2017-6155 [HIGH] CVE-2017-6155: On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTT On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. Data plane is only exposed when a SPDY or HTTP/2 profile is attached to a virtual server. There is no control plane exposure.

nvd

CVE-2017-6148HIGHCVSS 7.5≥ 11.5.1, ≤ 11.5.5≥ 11.6.1, ≤ 11.6.2+2 more2018-04-13

CVE-2017-6148 [HIGH] CWE-20 CVE-2017-6148: Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11. Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. The data plane is impacted and exposed only when a SOCKS proxy profile is attached to a Virtual Server. The control plane is not impacted by this vulnerability.

nvd

CVE-2018-5511HIGHCVSS 7.2PoCv13.0.0v13.1.02018-04-13

CVE-2018-5511 [HIGH] CWE-470 CVE-2018-5511: On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.

nvd

CVE-2017-6158MEDIUMCVSS 6.5≥ 11.5.1, ≤ 11.5.5≥ 11.6.0, ≤ 11.6.1+2 more2018-04-13

CVE-2017-6158 [MEDIUM] CVE-2017-6158: In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses.

nvd

CVE-2017-6156MEDIUMCVSS 6.4≥ 11.5.1, ≤ 11.5.5≥ 12.1.0, ≤ 12.1.1+2 more2018-04-13

CVE-2017-6156 [MEDIUM] CVE-2017-6156: When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit t

nvd

CVE-2018-5509HIGHCVSS 7.5v1.0.02018-03-22

CVE-2018-5509 [HIGH] CWE-20 CVE-2018-5509: On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server rec On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions

nvd

CVE-2018-5502HIGHCVSS 7.5v1.0.02018-03-22

CVE-2018-5502 [HIGH] CWE-295 CVE-2018-5502: On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP sys On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Clien

nvd

CVE-2018-5504HIGHCVSS 8.1v1.0.02018-03-22

CVE-2018-5504 [HIGH] CVE-2018-5504: In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain mal In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1.

nvd

CVE-2017-6150HIGHCVSS 7.5≥ 12.1.0, ≤ 12.1.3.1v13.0.02018-03-01

CVE-2017-6150 [HIGH] CWE-20 CVE-2017-6150: Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, w Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).

nvd

CVE-2018-5501MEDIUMCVSS 5.9≥ 11.5.1, ≤ 11.5.4≥ 11.6.1, ≤ 11.6.2+3 more2018-03-01

CVE-2018-5501 [MEDIUM] CWE-400 CVE-2018-5501: In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.

nvd

← Previous5 / 7Next →