cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-41164,https://securityvulnerability.io/vulnerability/CVE-2024-41164,Traffic Termination Due to Unforeseen Circumstances in Virtual Servers,"A configuration fault exists in F5 Networks' Virtual Server when Multipath TCP (MPTCP) is enabled. Undisclosed traffic, along with specific conditions outside the attacker's control, can lead to an unexpected termination of the Traffic Management Microkernel (TMM). This vulnerability highlights the need for diligent monitoring and management of MPTCP settings to prevent potential disruptions and maintain service integrity.",F5,"Big-ip,Big-ip Next Cnf,Big-ip Next Spk",7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-08-14T14:32:31.623Z,0
CVE-2024-23306,https://securityvulnerability.io/vulnerability/CVE-2024-23306,Undisclosed Sensitive Files Vulnerability in BIG-IP Next CNF and SPK Systems,"
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"BIG-IP Next SPK,BIG-IP Next CNF",4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-14T16:30:23.515Z,0
CVE-2024-23314,https://securityvulnerability.io/vulnerability/CVE-2024-23314,Undisclosed Responses in HTTP/2 Configured BIG-IP Systems Can Cause TMM Termination,"A vulnerability impacting F5 Networks' BIG-IP and BIG-IP Next systems arises when HTTP/2 is configured. This can lead to undefined responses causing the Traffic Management Microkernel (TMM) to unexpectedly terminate. It is essential for organizations using these platforms to evaluate their configurations and apply necessary patches to prevent system disruptions, particularly for software versions that are still under support.",F5,"Big-ip,Big-ip Next Spk",7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-02-14T16:30:23.152Z,0
CVE-2023-45226,https://securityvulnerability.io/vulnerability/CVE-2023-45226,BIG-IP Next SPK SSH vulnerability,"The Traffic Management Module (TMM) in F5 BIG-IP products has been found to contain hardcoded credentials within the f5-debug-sidecar and f5-debug-sshd containers. This security flaw allows an attacker who can intercept traffic to impersonate the SPK Secure Shell (SSH) server, posing significant risks when SSH debugging is enabled. Organizations using affected software versions should review their configurations to mitigate potential exploitation of this vulnerability, especially for versions that have not reached End of Technical Support.",F5,Big-ip Next Spk,7.4,HIGH,0.0013699999544769526,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-40534,https://securityvulnerability.io/vulnerability/CVE-2023-40534,BIG-IP HTTP/2 vulnerability,"A vulnerability exists in F5 BIG-IP when a client's HTTP/2 profile and HTTP MRF Router option are enabled on a virtual server. If an iRule configured with the HTTP_REQUEST event or a Local Traffic Policy is associated with this virtual server, certain undisclosed requests may lead to the termination of the Traffic Management Microkernel (TMM). This issue emphasizes the need for vigilant monitoring and management of configurations to prevent service interruptions.",F5,"Big-ip,Big-ip Next Spk",7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-24594,https://securityvulnerability.io/vulnerability/CVE-2023-24594,BIG-IP TMM SSL vulnerability,"
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IP SPK",5.3,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2023-05-03T15:15:00.000Z,0
CVE-2023-22664,https://securityvulnerability.io/vulnerability/CVE-2023-22664,BIG-IP HTTP/2 profile vulnerability,"A vulnerability in F5 BIG-IP versions 17.0.x and 16.1.x can lead to increased memory resource utilization when specific client-side HTTP/2 profile configurations are enabled on a virtual server. This issue occurs due to undisclosed requests interacting improperly with the HTTP MRF Router option. Users should review their configurations and update to the latest software releases to mitigate potential impacts, especially when operating within sensitive environments.",F5,"BIG-IP,BIG-IP SPK",7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-02-01T18:15:00.000Z,0
CVE-2023-23555,https://securityvulnerability.io/vulnerability/CVE-2023-23555,BIG-IP Virtual Edition vulnerability,"Certain versions of F5 BIG-IP products are susceptible to a vulnerability that allows undisclosed traffic patterns to terminate the Traffic Management Microkernel (TMM) when the FastL4 profile is enabled on a virtual server. This can lead to disruptions in service, impacting network operations. Software versions that have reached End of Technical Support (EoTS) are not included in the evaluation of this vulnerability.",F5,"BIG-IP,BIG-IP SPK",7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-02-01T18:15:00.000Z,0