cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21782,https://securityvulnerability.io/vulnerability/CVE-2024-21782,Arbitrary Command Execution Vulnerability in BIG-IP and BIG-IQ Due to Incomplete Fix for CVE-2020-5873,"BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-14T16:30:20.945Z,0
CVE-2023-43485,https://securityvulnerability.io/vulnerability/CVE-2023-43485,BIG-IP and BIG-IQ TACACS+ audit log Vulnerability,"When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, the shared secret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-41964,https://securityvulnerability.io/vulnerability/CVE-2023-41964,BIG-IP and BIG-IQ Database Variable vulnerability,"The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq",4.3,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-38419,https://securityvulnerability.io/vulnerability/CVE-2023-38419,BIG-IP and BIG-IQ iControl SOAP vulnerability,"An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq",4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-08-02T16:15:00.000Z,0
CVE-2023-22326,https://securityvulnerability.io/vulnerability/CVE-2023-22326,iControl REST and tmsh vulnerability,"In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-02-01T18:15:00.000Z,0
CVE-2022-41622,https://securityvulnerability.io/vulnerability/CVE-2022-41622,iControl SOAP vulnerability,"In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.8,HIGH,0.4949899911880493,false,false,false,true,true,false,false,2022-12-07T03:08:06.811Z,0
CVE-2022-41770,https://securityvulnerability.io/vulnerability/CVE-2022-41770,BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770,"In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.",F5,"Big-ip,Big-iq",6.5,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-41694,https://securityvulnerability.io/vulnerability/CVE-2022-41694,BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694,"In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.",F5,"Big-ip,Big-iq",4.9,MEDIUM,0.001069999998435378,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-35728,https://securityvulnerability.io/vulnerability/CVE-2022-35728,iControl REST vulnerability CVE-2022-35728,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.1,HIGH,0.0020099999383091927,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-34844,https://securityvulnerability.io/vulnerability/CVE-2022-34844,BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844,"In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",5.9,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-34851,https://securityvulnerability.io/vulnerability/CVE-2022-34851,BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",4.3,MEDIUM,0.001069999998435378,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-26340,https://securityvulnerability.io/vulnerability/CVE-2022-26340,,"On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-29479,https://securityvulnerability.io/vulnerability/CVE-2022-29479,,"On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",5.3,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2022-05-04T00:00:00.000Z,0
CVE-2022-23023,https://securityvulnerability.io/vulnerability/CVE-2022-23023,,"On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip & Big-iq,6.5,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2022-01-25T19:11:28.000Z,0
CVE-2021-23026,https://securityvulnerability.io/vulnerability/CVE-2021-23026,,"BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-ip & Big-iq,8.8,HIGH,0.0007300000288523734,false,false,false,false,,false,false,2021-09-14T21:57:17.000Z,0
CVE-2021-22986,https://securityvulnerability.io/vulnerability/CVE-2021-22986,,"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,Big-ip; Big-iq,9.8,CRITICAL,0.9751499891281128,true,false,true,true,true,false,false,2021-03-31T14:04:47.000Z,0
CVE-2021-22974,https://securityvulnerability.io/vulnerability/CVE-2021-22974,,"On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,"Big-ip, Big-iq",7.5,HIGH,0.001019999966956675,false,false,false,false,,false,false,2021-02-12T16:23:27.000Z,0
CVE-2020-5930,https://securityvulnerability.io/vulnerability/CVE-2020-5930,,"In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.",F5,"Big-ip, Big-iq",7.5,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2020-09-25T13:19:40.000Z,0
CVE-2020-5923,https://securityvulnerability.io/vulnerability/CVE-2020-5923,,"In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.",F5,"Big-ip, Big-iq",5.4,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2020-08-26T14:41:43.000Z,0
CVE-2020-5917,https://securityvulnerability.io/vulnerability/CVE-2020-5917,,"In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.",F5,"Big-ip, Big-iq",5.9,MEDIUM,0.0016799999866634607,false,false,false,false,,false,false,2020-08-26T14:06:50.000Z,0
CVE-2020-5890,https://securityvulnerability.io/vulnerability/CVE-2020-5890,,"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.",F5,"Big-ip,Big-iq",5.5,MEDIUM,0.0013500000350177288,false,false,false,false,,false,false,2020-04-30T21:08:17.000Z,0
CVE-2020-5873,https://securityvulnerability.io/vulnerability/CVE-2020-5873,,"On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.",F5,"Big-ip,Big-iq",7.2,HIGH,0.001019999966956675,false,false,false,false,,false,false,2020-04-30T20:21:54.000Z,0
CVE-2020-5858,https://securityvulnerability.io/vulnerability/CVE-2020-5858,,"On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.",F5,"Big-ip, Big-iq",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2020-03-27T14:31:27.000Z,0
CVE-2020-5860,https://securityvulnerability.io/vulnerability/CVE-2020-5860,,"On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).",F5,"Big-ip, Big-iq",8.1,HIGH,0.0030900000128895044,false,false,false,false,,false,false,2020-03-27T14:26:47.000Z,0
CVE-2019-19151,https://securityvulnerability.io/vulnerability/CVE-2019-19151,,"On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Manager version 3.1.1, authenticated users granted TMOS Shell (tmsh) privileges are able to access objects on the file system which would normally be disallowed by tmsh restrictions. This allows authenticated, low-privileged attackers to access objects on the file system which would not normally be allowed.",F5,"Big-ip, Big-iq, Iworkflow, Enterprise Manager",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2019-12-23T18:03:02.000Z,0