cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-21782,https://securityvulnerability.io/vulnerability/CVE-2024-21782,Arbitrary Command Execution Vulnerability in BIG-IP and BIG-IQ Due to Incomplete Fix for CVE-2020-5873,"BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-14T16:30:20.945Z,0
CVE-2023-41964,https://securityvulnerability.io/vulnerability/CVE-2023-41964,BIG-IP and BIG-IQ Database Variable vulnerability,"The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ",4.3,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-43485,https://securityvulnerability.io/vulnerability/CVE-2023-43485,BIG-IP and BIG-IQ TACACS+ audit log vulnerability,"When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, the shared secret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-10-10T13:15:00.000Z,0
CVE-2023-38419,https://securityvulnerability.io/vulnerability/CVE-2023-38419,BIG-IP and BIG-IQ iControl SOAP vulnerability,"An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ",4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-08-02T16:15:00.000Z,0
CVE-2023-29240,https://securityvulnerability.io/vulnerability/CVE-2023-29240,BIG-IQ iControl REST vulnerability,"An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,BIG-IQ,5.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-05-03T15:15:00.000Z,0
CVE-2023-22326,https://securityvulnerability.io/vulnerability/CVE-2023-22326,iControl REST and tmsh vulnerability,"In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-02-01T18:15:00.000Z,0
CVE-2022-41622,https://securityvulnerability.io/vulnerability/CVE-2022-41622,iControl SOAP vulnerability,"In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",8.8,HIGH,0.4949899911880493,false,false,false,true,true,false,false,2022-12-07T03:08:06.811Z,0
CVE-2022-41694,https://securityvulnerability.io/vulnerability/CVE-2022-41694,BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694,"In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.",F5,"BIG-IP,BIG-IQ",4.9,MEDIUM,0.001069999998435378,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-41770,https://securityvulnerability.io/vulnerability/CVE-2022-41770,BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770,"In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization via undisclosed requests.",F5,"BIG-IP,BIG-IQ",6.5,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2022-10-19T00:00:00.000Z,0
CVE-2022-34851,https://securityvulnerability.io/vulnerability/CVE-2022-34851,BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851,"In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",4.3,MEDIUM,0.001069999998435378,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-34844,https://securityvulnerability.io/vulnerability/CVE-2022-34844,BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844,"In BIG-IP versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",5.9,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-35728,https://securityvulnerability.io/vulnerability/CVE-2022-35728,iControl REST vulnerability CVE-2022-35728,"In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",8.1,HIGH,0.0020099999383091927,false,false,false,false,,false,false,2022-08-04T18:15:00.000Z,0
CVE-2022-26340,https://securityvulnerability.io/vulnerability/CVE-2022-26340,,"On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using the Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2022-29479,https://securityvulnerability.io/vulnerability/CVE-2022-29479,,"On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",5.3,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2022-05-04T00:00:00.000Z,0
CVE-2022-23023,https://securityvulnerability.io/vulnerability/CVE-2022-23023,,"On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ",6.5,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2022-01-25T19:11:28.000Z,0
CVE-2022-23009,https://securityvulnerability.io/vulnerability/CVE-2022-23009,,"On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,BIG-IQ Centralized Management,7.2,HIGH,0.001019999966956675,false,false,false,false,,false,false,2022-01-25T19:11:18.000Z,0
CVE-2021-23026,https://securityvulnerability.io/vulnerability/CVE-2021-23026,,"BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, and all versions of BIG-IQ 8.x, 7.x, and 6.x are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ",8.8,HIGH,0.0007300000288523734,false,false,false,false,,false,false,2021-09-14T21:57:17.000Z,0
CVE-2021-23024,https://securityvulnerability.io/vulnerability/CVE-2021-23024,,"On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,BIG-IQ,7.2,HIGH,0.020640000700950623,false,false,false,false,,false,false,2021-06-10T14:35:08.000Z,0
CVE-2021-23006,https://securityvulnerability.io/vulnerability/CVE-2021-23006,,"On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,BIG-IQ,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2021-03-31T17:44:38.000Z,0
CVE-2021-23005,https://securityvulnerability.io/vulnerability/CVE-2021-23005,,"On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,BIG-IQ,9.1,CRITICAL,0.0016799999866634607,false,false,false,false,,false,false,2021-03-31T17:41:35.000Z,0
CVE-2021-22997,https://securityvulnerability.io/vulnerability/CVE-2021-22997,,"On all 7.x and 6.x versions (fixed in 8.0.0), the BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,BIG-IQ,7.5,HIGH,0.0016799999866634607,false,false,false,false,,false,false,2021-03-31T17:35:54.000Z,0
CVE-2021-22996,https://securityvulnerability.io/vulnerability/CVE-2021-22996,,"On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,BIG-IQ,7.5,HIGH,0.0010300000431016088,false,false,false,false,,false,false,2021-03-31T17:34:21.000Z,0
CVE-2021-22995,https://securityvulnerability.io/vulnerability/CVE-2021-22995,,"On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,BIG-IQ,7.5,HIGH,0.0008399999933317304,false,false,false,false,,false,false,2021-03-31T16:45:54.000Z,0
CVE-2021-22986,https://securityvulnerability.io/vulnerability/CVE-2021-22986,,"On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,"BIG-IP,BIG-IQ",9.8,CRITICAL,0.9751499891281128,true,false,true,true,true,false,false,2021-03-31T14:04:47.000Z,0
CVE-2021-22974,https://securityvulnerability.io/vulnerability/CVE-2021-22974,,"On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,"BIG-IP,BIG-IQ",7.5,HIGH,0.001019999966956675,false,false,false,false,,false,false,2021-02-12T16:23:27.000Z,0
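A triage pass over the export above, added here as an example; it is not part of the export or of the securityvulnerability.io site. It parses the CSV with Python's csv module (which keeps a newline inside a quoted description within its own record, as the raw export has them) and orders rows so that CISA KEV entries come first, then rows flagged exploited or with a public PoC, then by EPSS, then by CVSS base score. SAMPLE_CSV is a constructed four-row excerpt of the table with some descriptions abbreviated; the column names are the export's own. The EPSS rounding to five decimals is my choice, matching the precision FIRST publishes.

```python
import csv
import io

# Constructed excerpt of the export above (four rows, same 18 columns, two
# descriptions abbreviated). The CVE-2021-22986 description keeps an embedded
# newline inside its quoted field, exactly as the raw export does.
SAMPLE_CSV = '''cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-23005,https://securityvulnerability.io/vulnerability/CVE-2021-23005,,"On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol.",F5,BIG-IQ,9.1,CRITICAL,0.0016799999866634607,false,false,false,false,,false,false,2021-03-31T17:41:35.000Z,0
CVE-2021-22986,https://securityvulnerability.io/vulnerability/CVE-2021-22986,,"On BIG-IP versions 16.0.x before 16.0.1.1 (other branches abbreviated), the iControl REST interface has an unauthenticated remote command execution vulnerability.
Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.",F5,"BIG-IP,BIG-IQ",9.8,CRITICAL,0.9751499891281128,true,false,true,true,true,false,false,2021-03-31T14:04:47.000Z,0
CVE-2022-41622,https://securityvulnerability.io/vulnerability/CVE-2022-41622,iControl SOAP vulnerability,"In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.",F5,"BIG-IP,BIG-IQ Centralized Management",8.8,HIGH,0.4949899911880493,false,false,false,true,true,false,false,2022-12-07T03:08:06.811Z,0
CVE-2023-22326,https://securityvulnerability.io/vulnerability/CVE-2023-22326,iControl REST and tmsh vulnerability,"In BIG-IP versions 17.0.x before 17.0.0.2 (other branches abbreviated), incorrect permission assignment in iControl REST and the tmsh dig command may allow a resource administrator to view sensitive information.",F5,"BIG-IP,BIG-IQ Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-02-01T18:15:00.000Z,0
'''

# Boolean columns in the export. An empty cell (e.g. poc) is read as False.
BOOL_COLS = ("cisa", "ransomware", "exploited", "poc")


def parse_rows(text):
    """Parse the export into typed dicts.

    csv.DictReader honours RFC 4180 quoting, so a newline inside a quoted
    description stays inside that record instead of starting a new row.
    """
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        row = dict(raw)
        row["score"] = float(raw["score"]) if raw["score"] else 0.0
        # The export carries float32 noise (0.0004299999854993075); EPSS is
        # published to five decimals, so round to that.
        row["epss"] = round(float(raw["epss"]), 5) if raw["epss"] else 0.0
        for col in BOOL_COLS:
            row[col] = raw[col].strip().lower() == "true"
        # Collapse embedded newlines and double spaces in the description.
        row["description"] = " ".join(raw["description"].split())
        rows.append(row)
    return rows


def triage_key(row):
    """Sort key: KEV listing, then known exploitation, then public PoC,
    then EPSS, then CVSS base score. Higher tuple sorts first."""
    return (row["cisa"], row["exploited"], row["poc"], row["epss"], row["score"])


def triage(rows):
    """Return rows in patch-first order."""
    return sorted(rows, key=triage_key, reverse=True)


def summarize(text):
    """Parse and triage; return (cve, cvss, epss, kev) tuples in triage order."""
    return [(r["cve"], r["score"], r["epss"], r["cisa"])
            for r in triage(parse_rows(text))]


if __name__ == "__main__":
    for cve, score, epss, kev in summarize(SAMPLE_CSV):
        print(f"{cve}  CVSS={score:<4}  EPSS={epss:.5f}  KEV={'yes' if kev else 'no'}")
```

On the excerpt, CVE-2021-23005 (CVSS 9.1, EPSS 0.00168, no exploitation evidence) sorts below CVE-2022-41622 (CVSS 8.8, EPSS 0.49499, exploited and PoC flags set), and the KEV-listed CVE-2021-22986 sorts first regardless of score. That inversion relative to a plain CVSS sort is the point of keying on the KEV, exploited, poc and epss columns before the base score; the same script runs unchanged over the full export when the file contents are passed in place of SAMPLE_CSV.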