cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21782,https://securityvulnerability.io/vulnerability/CVE-2024-21782,Arbitrary Command Execution Vulnerability in BIG-IP and BIG-IQ Due to Incomplete Fix for CVE-2020-5873,"BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"BIG-IP,BIG-IQ",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T16:30:20.945Z,0
CVE-2023-41964,https://securityvulnerability.io/vulnerability/CVE-2023-41964,BIG-IP and BIG-IQ Database Variable vulnerability,"The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq",4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
CVE-2023-43485,https://securityvulnerability.io/vulnerability/CVE-2023-43485,BIG-IP and BIG-IQ TACACS+ audit log Vulnerability,"When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
CVE-2023-38419,https://securityvulnerability.io/vulnerability/CVE-2023-38419,BIG-IP and BIG-IQ iControl SOAP vulnerability,An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.,F5,"Big-ip,Big-iq",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-08-02T16:15:00.000Z,0
CVE-2023-22326,https://securityvulnerability.io/vulnerability/CVE-2023-22326,iControl REST and tmsh vulnerability,"In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-02-01T18:15:00.000Z,0
CVE-2022-41622,https://securityvulnerability.io/vulnerability/CVE-2022-41622,iControl SOAP vulnerability,"In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.8,HIGH,0.4949899911880493,false,,false,false,true,2022-08-03T21:20:29.000Z,true,false,false,,2022-12-07T03:08:06.811Z,0
CVE-2022-41694,https://securityvulnerability.io/vulnerability/CVE-2022-41694,BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694,"In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.",F5,"Big-ip,Big-iq",4.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-41770,https://securityvulnerability.io/vulnerability/CVE-2022-41770,BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770,"In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.",F5,"Big-ip,Big-iq",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-34851,https://securityvulnerability.io/vulnerability/CVE-2022-34851,BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",4.3,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-35728,https://securityvulnerability.io/vulnerability/CVE-2022-35728,iControl REST vulnerability CVE-2022-35728,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.1,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-34844,https://securityvulnerability.io/vulnerability/CVE-2022-34844,BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844,"In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",5.9,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-26340,https://securityvulnerability.io/vulnerability/CVE-2022-26340,Remote File Access Vulnerability in F5 BIG-IP and BIG-IQ Products,"An authenticated, high-privileged attacker without bash access may gain unauthorized access to sensitive Certificate and Key files on F5 BIG-IP and BIG-IQ systems via the Secure Copy (SCP) protocol. This vulnerability affects multiple versions of F5 BIG-IP and BIG-IQ products, allowing potential exploitation that can compromise the security of managed systems. It is critical for organizations using affected versions to implement necessary updates and closely monitor for suspicious activity.",F5,"Big-ip,Big-iq Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-29479,https://securityvulnerability.io/vulnerability/CVE-2022-29479,IPv6 Packet Processing Issue in F5 BIG-IP and BIG-IQ Systems,"F5 BIG-IP and BIG-IQ systems may experience performance degradation when an IPv6 self IP address is configured along with the ipv6.strictcompliance database key enabled. This affects certain versions of BIG-IP and all versions of BIG-IQ Centralized Management. While this setting is disabled by default, enabling it can lead to undisclosed packets impacting system performance.",F5,"Big-ip,Big-iq Centralized Management",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-05-04T00:00:00.000Z,0
CVE-2022-23023,https://securityvulnerability.io/vulnerability/CVE-2022-23023,Memory Resource Utilization Flaw in F5 BIG-IP and BIG-IQ Products,"On certain versions of F5 Networks' BIG-IP and BIG-IQ products, an authenticated iControl REST user can inadvertently trigger an increase in memory resource utilization through undisclosed requests. This can lead to performance issues, making the systems more vulnerable to potential exploits. It's essential for users to ensure they are running supported versions as software versions reaching End of Technical Support (EoTS) are not examined for such vulnerabilities.",F5,Big-ip & Big-iq,6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-01-25T19:11:28.000Z,0
CVE-2021-23026,https://securityvulnerability.io/vulnerability/CVE-2021-23026,Cross-Site Request Forgery Vulnerability in F5 BIG-IP and BIG-IQ Products,"F5 BIG-IP and BIG-IQ products are susceptible to cross-site request forgery (CSRF) attacks via the iControl SOAP interface. This vulnerability can allow attackers to perform unauthorized actions on behalf of an authenticated user, potentially leading to significant security risks. Users of affected versions should prioritize applying patches to mitigate this risk and ensure the integrity of their systems.",F5,Big-ip & Big-iq,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2021-09-14T21:57:17.000Z,0
CVE-2021-22986,https://securityvulnerability.io/vulnerability/CVE-2021-22986,Remote Command Execution Vulnerability in F5 BIG-IP and BIG-IQ Products,"The vulnerability affects multiple versions of F5 BIG-IP and BIG-IQ products through the iControl REST interface, which allows unauthenticated remote command execution. This flaw can potentially enable attackers to execute arbitrary commands on the server, posing significant security risks to the affected systems. Administrators are advised to update their software to the latest versions to mitigate this vulnerability.",F5,Big-ip; Big-iq,9.8,CRITICAL,0.9752500057220459,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,true,false,false,,2021-03-31T14:04:47.000Z,0
CVE-2021-22974,https://securityvulnerability.io/vulnerability/CVE-2021-22974,Race Condition Vulnerability in BIG-IP Products by F5 Networks,"A race condition vulnerability has been identified in F5 Networks' BIG-IP products, where an authenticated attacker with access to iControl REST may exploit this flaw to execute commands with elevated privileges. This issue arises from an incomplete resolution of a previously identified vulnerability and affects specific versions of the software. Organizations using affected versions should prioritize applying recommended updates to mitigate this risk and ensure the integrity of their systems.",F5,"Big-ip, Big-iq",7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2021-02-12T16:23:27.000Z,0
CVE-2020-5930,https://securityvulnerability.io/vulnerability/CVE-2020-5930,Service Disruption Vulnerability in F5 BIG-IP and BIG-IQ Products,"F5 BIG-IP and BIG-IQ products have a vulnerability that allows unauthenticated attackers to disrupt service through undisclosed methods. This affects multiple versions across both product lines, potentially leading to significant service interruptions. Organizations employing these systems should take immediate action to understand their exposure and implement appropriate mitigations to safeguard their network infrastructure.",F5,"Big-ip, Big-iq",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2020-09-25T13:19:40.000Z,0
CVE-2020-5923,https://securityvulnerability.io/vulnerability/CVE-2020-5923,Self-IP Port-Lockdown Bypass in F5 BIG-IP and BIG-IQ Products,"This vulnerability allows an attacker to bypass the Self-IP port-lockdown feature by exploiting IPv6 link-local addresses. This misconfiguration in the affected versions of F5 BIG-IP and BIG-IQ products poses a security risk, as it may enable unauthorized access to sensitive network resources. Organizations using these products should apply the necessary updates to mitigate this risk effectively.",F5,"Big-ip, Big-iq",5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2020-08-26T14:41:43.000Z,0
CVE-2020-5917,https://securityvulnerability.io/vulnerability/CVE-2020-5917,Crypto Key Vulnerability in F5 BIG-IP and BIG-IQ Products,"The vulnerability arises from the use of OpenSSH servers in F5 BIG-IP and BIG-IQ products that employ cryptographic keys shorter than 2048 bits. These insufficiently robust keys are deemed insecure in the current landscape of cybersecurity threats, making SSH connections susceptible to interception and exploitation by malicious actors. Organizations using affected versions must upgrade to ensure strong cryptographic standards and maintain secure communications.",F5,"Big-ip, Big-iq",5.9,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-08-26T14:06:50.000Z,0
CVE-2020-5890,https://securityvulnerability.io/vulnerability/CVE-2020-5890,LDAP Authentication Whitespace Exposure on F5 BIG-IP Products,"A vulnerability exists in the F5 BIG-IP products when creating a QKView. If the LDAP server credentials used for remote authentication contain whitespace, they are not fully obfuscated, potentially exposing sensitive information to unauthorized individuals. This can lead to unauthorized access to the BIG-IP administrative interface, compromising the security of the environment.",F5,"Big-ip,Big-iq",5.5,MEDIUM,0.0013500000350177288,false,,false,false,false,,,false,false,,2020-04-30T21:08:17.000Z,0
CVE-2020-5873,https://securityvulnerability.io/vulnerability/CVE-2020-5873,Arbitrary Command Execution Vulnerability in BIG-IP and BIG-IQ by F5,"A vulnerability exists in F5 BIG-IP and BIG-IQ products where a user with Resource Administrator privileges and access to the secure copy (scp) utility can craft malicious scp requests to execute arbitrary commands. This scenario arises even if the user lacks permission to access the Advanced Shell (bash), posing a significant risk of unauthorized command execution within affected versions.",F5,"Big-ip,Big-iq",7.2,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2020-04-30T20:21:54.000Z,0
CVE-2020-5858,https://securityvulnerability.io/vulnerability/CVE-2020-5858,Arbitrary Command Execution Vulnerability in F5 BIG-IP and BIG-IQ Products,"In F5 BIG-IP and BIG-IQ products, users with non-administrator roles, such as Guest or Resource Administrator, can exploit a flaw in the tmsh shell. This vulnerability enables these users to execute arbitrary commands with elevated privileges by crafting specific tmsh commands, potentially compromising system integrity and leading to unauthorized actions on the platform.",F5,"Big-ip, Big-iq",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-03-27T14:31:27.000Z,0
CVE-2020-5860,https://securityvulnerability.io/vulnerability/CVE-2020-5860,Weak Authentication and Encryption Flaw in F5 BIG-IP Products,"A security issue exists in F5's BIG-IP and BIG-IQ products which affects the High Availability (HA) network failover process within the Device Service Cluster (DSC). This flaw allows failover actions without the necessity of strong authentication measures, and the network traffic associated with the HA failover is not secured by Transport Layer Security (TLS). This lack of robust authentication and encryption could expose systems to potential unauthorized access and data interception risks, making it crucial for users to take necessary security measures.",F5,"Big-ip, Big-iq",8.1,HIGH,0.0030900000128895044,false,,false,false,false,,,false,false,,2020-03-27T14:26:47.000Z,0
CVE-2019-19151,https://securityvulnerability.io/vulnerability/CVE-2019-19151,Improper Access Control in BIG-IP and BIG-IQ Products by F5 Networks,"On specific versions of F5 Networks' BIG-IP and BIG-IQ products, an improper access control vulnerability allows authenticated users with low privileges to bypass normal restrictions and access system objects on the file system. This could lead to exposure of sensitive information or unauthorized operations, necessitating immediate attention and remediation.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-23T18:03:02.000Z,0
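The export above carries commas and newlines inside quoted fields (the products column and the multi-sentence descriptions), so it cannot be split on whitespace or on commas; it has to go through a real CSV parser. The following triage script is an added example, not tooling from securityvulnerability.io or F5. It parses records of this shape and ranks them the way a patch-prioritisation pass would: CISA KEV listing and ransomware linkage first, then confirmed exploitation, public PoC and EPSS, then CVSS base score. The three sample rows are constructed from the page's own records (scores, EPSS values and flags copied verbatim, description text shortened); the `epss_floor` of 0.1 and the bucket names are assumptions of this example.

```python
"""Triage a securityvulnerability.io-style CSV export of F5 BIG-IP/BIG-IQ CVEs.

Added example; not part of the original page. Uses only the standard library.
"""
import csv
import io
import re

# Constructed sample: three rows copied from the page's export with the
# description text shortened. Note the embedded newline in the second row's
# description and the varying separators in the products column.
SAMPLE_CSV = '''cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22986,https://securityvulnerability.io/vulnerability/CVE-2021-22986,Remote Command Execution Vulnerability in F5 BIG-IP and BIG-IQ Products,"iControl REST interface, which allows unauthenticated remote command execution.",F5,Big-ip; Big-iq,9.8,CRITICAL,0.9752500057220459,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,true,false,false,,2021-03-31T14:04:47.000Z,0
CVE-2022-41622,https://securityvulnerability.io/vulnerability/CVE-2022-41622,iControl SOAP vulnerability,"In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.8,HIGH,0.4949899911880493,false,,false,false,true,2022-08-03T21:20:29.000Z,true,false,false,,2022-12-07T03:08:06.811Z,0
CVE-2023-43485,https://securityvulnerability.io/vulnerability/CVE-2023-43485,BIG-IP and BIG-IQ TACACS+ audit log Vulnerability,"When TACACS+ audit forwarding is configured, sharedsecret is logged in plaintext in the audit log.",F5,"Big-ip,Big-iq",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
'''

_TRUE = {"true", "1", "yes"}


def _flag(value: str) -> bool:
    """Boolean columns in the export are the strings 'true'/'false' (or empty)."""
    return value.strip().lower() in _TRUE


def parse_feed(text: str) -> list[dict]:
    """Parse the export with the csv module, which honours quoted commas and
    quoted newlines, and normalise the fields a triage pass needs."""
    reader = csv.DictReader(io.StringIO(text))
    records = []
    for row in reader:
        records.append({
            "cve": row["cve"].strip(),
            "title": row["title"].strip(),
            # collapse the embedded newlines/double spaces seen in the export
            "description": " ".join(row["description"].split()),
            "score": float(row["score"]) if row["score"] else 0.0,
            "severity": row["severity"].strip().upper(),
            "epss": float(row["epss"]) if row["epss"] else 0.0,
            "cisa_kev": _flag(row["cisa"]),
            "ransomware": _flag(row["ransomware"]),
            "exploited": _flag(row["exploited"]),
            "poc": _flag(row["poc"]),
            # the products column mixes ',', ';' and '&' as separators and
            # inconsistent casing ("BIG-IP", "Big-ip"), so normalise it
            "products": sorted({p.strip().upper()
                                for p in re.split(r"[,;&]", row["products"])
                                if p.strip()}),
            "published": row["published"].strip(),
        })
    return records


def priority_key(rec: dict) -> tuple:
    """Sort key; larger sorts more urgent. Exploitation evidence outranks
    EPSS, which outranks the CVSS base score."""
    return (rec["cisa_kev"], rec["exploited"], rec["poc"], rec["epss"], rec["score"])


def triage(text: str, epss_floor: float = 0.1) -> list[tuple[str, str]]:
    """Return (cve, bucket) pairs, most urgent first.

    emergency: on the CISA KEV list or ransomware-linked
    urgent:    exploited in the wild, public PoC, or EPSS >= epss_floor (assumed threshold)
    scheduled: everything else, patched in the normal cycle
    """
    out = []
    for rec in sorted(parse_feed(text), key=priority_key, reverse=True):
        if rec["cisa_kev"] or rec["ransomware"]:
            bucket = "emergency"
        elif rec["exploited"] or rec["poc"] or rec["epss"] >= epss_floor:
            bucket = "urgent"
        else:
            bucket = "scheduled"
        out.append((rec["cve"], bucket))
    return out


def for_product(records: list[dict], name: str) -> list[str]:
    """CVE ids whose normalised product list has an entry starting with `name`
    (so 'BIG-IQ' also matches 'BIG-IQ CENTRALIZED MANAGEMENT')."""
    key = name.strip().upper()
    return [r["cve"] for r in records
            if any(p.startswith(key) for p in r["products"])]


if __name__ == "__main__":
    for cve, bucket in triage(SAMPLE_CSV):
        print(f"{bucket:9s} {cve}")
    print("affects BIG-IQ:", for_product(parse_feed(SAMPLE_CSV), "BIG-IQ"))
```

Run against a full export, the same `triage()` call puts the single KEV entry on this page (CVE-2021-22986) ahead of the CSRF issue with a public PoC (CVE-2022-41622) and leaves the plaintext-secret logging bug (CVE-2023-43485) in the normal patch cycle; the CVSS-only ordering (9.8, 8.8, 5.5) happens to agree here, but the exploitation flags and EPSS are what should drive the schedule when they disagree.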