cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21782,https://securityvulnerability.io/vulnerability/CVE-2024-21782,Arbitrary Command Execution Vulnerability in BIG-IP and BIG-IQ Due to Incomplete Fix for CVE-2020-5873,"BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",F5,"BIG-IP,BIG-IQ",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-14T16:30:20.945Z,0
CVE-2023-41964,https://securityvulnerability.io/vulnerability/CVE-2023-41964,BIG-IP and BIG-IQ Database Variable vulnerability,"The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq",4.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
CVE-2023-43485,https://securityvulnerability.io/vulnerability/CVE-2023-43485,BIGIP and BIG-IQ TACACS+ audit log Vulnerability,"When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-10T13:15:00.000Z,0
CVE-2023-38419,https://securityvulnerability.io/vulnerability/CVE-2023-38419,BIG-IP and BIG-IQ iControl SOAP vulnerability,An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.,F5,"Big-ip,Big-iq",4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-08-02T16:15:00.000Z,0
CVE-2023-29240,https://securityvulnerability.io/vulnerability/CVE-2023-29240,BIG-IQ iControl REST Vulnerability,"An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Big-iq,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-03T15:15:00.000Z,0
CVE-2023-22326,https://securityvulnerability.io/vulnerability/CVE-2023-22326,iControl REST and tmsh vulnerability,"In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"BIG-IP,BIG-IQ Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-02-01T18:15:00.000Z,0
CVE-2022-41622,https://securityvulnerability.io/vulnerability/CVE-2022-41622,iControl SOAP vulnerability,"In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.8,HIGH,0.4949899911880493,false,,false,false,true,2022-08-03T21:20:29.000Z,true,false,false,,2022-12-07T03:08:06.811Z,0
CVE-2022-41694,https://securityvulnerability.io/vulnerability/CVE-2022-41694,BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694,"In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate.",F5,"Big-ip,Big-iq",4.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-41770,https://securityvulnerability.io/vulnerability/CVE-2022-41770,BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770,"In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated iControl REST user can cause an increase in memory resource utilization, via undisclosed requests.",F5,"Big-ip,Big-iq",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-10-19T00:00:00.000Z,0
CVE-2022-34851,https://securityvulnerability.io/vulnerability/CVE-2022-34851,BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",4.3,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-34844,https://securityvulnerability.io/vulnerability/CVE-2022-34844,BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844,"In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",5.9,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-35728,https://securityvulnerability.io/vulnerability/CVE-2022-35728,iControl REST vulnerability CVE-2022-35728,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.1,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-26340,https://securityvulnerability.io/vulnerability/CVE-2022-26340,Remote File Access Vulnerability in F5 BIG-IP and BIG-IQ Products,"An authenticated, high-privileged attacker without bash access may gain unauthorized access to sensitive Certificate and Key files on F5 BIG-IP and BIG-IQ systems via the Secure Copy (SCP) protocol. This vulnerability affects multiple versions of F5 BIG-IP and BIG-IQ products, allowing potential exploitation that can compromise the security of managed systems. It is critical for organizations using affected versions to implement necessary updates and closely monitor for suspicious activity.",F5,"Big-ip,Big-iq Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-29479,https://securityvulnerability.io/vulnerability/CVE-2022-29479,IPv6 Packet Processing Issue in F5 BIG-IP and BIG-IQ Systems,"F5 BIG-IP and BIG-IQ systems may experience performance degradation when an IPv6 self IP address is configured along with the ipv6.strictcompliance database key enabled. This affects certain versions of BIG-IP and all versions of BIG-IQ Centralized Management. While this setting is disabled by default, enabling it can lead to undisclosed packets impacting system performance.",F5,"Big-ip,Big-iq Centralized Management",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-05-04T00:00:00.000Z,0
CVE-2022-23023,https://securityvulnerability.io/vulnerability/CVE-2022-23023,Memory Resource Utilization Flaw in F5 BIG-IP and BIG-IQ Products,"On certain versions of F5 Networks' BIG-IP and BIG-IQ products, an authenticated iControl REST user can inadvertently trigger an increase in memory resource utilization through undisclosed requests. This can lead to performance issues, making the systems more vulnerable to potential exploits. It's essential for users to ensure they are running supported versions as software versions reaching End of Technical Support (EoTS) are not examined for such vulnerabilities.",F5,Big-ip & Big-iq,6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-01-25T19:11:28.000Z,0
CVE-2022-23009,https://securityvulnerability.io/vulnerability/CVE-2022-23009,Authorization Bypass Vulnerability in F5 BIG-IQ Centralized Management,"An authorization bypass vulnerability exists in F5 BIG-IQ Centralized Management, allowing an authenticated administrative user to gain unauthorized access to other BIG-IP devices managed within the same BIG-IQ system. This could potentially lead to sensitive data exposure or misconfigurations across managed devices. Note that versions that have reached End of Technical Support (EoTS) are not evaluated for these issues.",F5,Big-iq Centralized Management,7.2,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-01-25T19:11:18.000Z,0
CVE-2021-23026,https://securityvulnerability.io/vulnerability/CVE-2021-23026,Cross-Site Request Forgery Vulnerability in F5 BIG-IP and BIG-IQ Products,"F5 BIG-IP and BIG-IQ products are susceptible to cross-site request forgery (CSRF) attacks via the iControl SOAP interface. This vulnerability can allow attackers to perform unauthorized actions on behalf of an authenticated user, potentially leading to significant security risks. Users of affected versions should prioritize applying patches to mitigate this risk and ensure the integrity of their systems.",F5,Big-ip & Big-iq,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2021-09-14T21:57:17.000Z,0
CVE-2021-23024,https://securityvulnerability.io/vulnerability/CVE-2021-23024,Remote Command Execution Vulnerability in F5 BIG-IQ Configuration Utility,"The BIG-IQ Configuration Utility from F5 Networks is susceptible to an authenticated remote command execution vulnerability that affects all versions prior to 8.0.0.1 in the 8.0.x branch, along with the 6.x and 7.x versions. This vulnerability occurs in undisclosed pages, potentially allowing attackers with valid credentials to execute arbitrary commands on the affected system, thereby compromising its security. Users are advised to upgrade to the latest version to mitigate any risk associated with this vulnerability.",F5,Big-iq,7.2,HIGH,0.02060999907553196,false,,false,false,false,,,false,false,,2021-06-10T14:35:08.000Z,0
CVE-2021-23006,https://securityvulnerability.io/vulnerability/CVE-2021-23006,Reflected Cross-Site Scripting Vulnerability in BIG-IQ by F5 Networks,"The BIG-IQ product by F5 Networks has a reflected cross-site scripting vulnerability affecting versions 7.x and 6.x. This vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information or executing unauthorized actions. It is important to upgrade to version 8.0.0 or later to mitigate risks associated with this vulnerability.",F5,Big-iq,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-03-31T17:44:38.000Z,0
CVE-2021-23005,https://securityvulnerability.io/vulnerability/CVE-2021-23005,Transport Layer Security Flaw in BIG-IQ by F5 Networks,"The identified vulnerability affects F5 Networks' BIG-IQ versions 7.x and 6.x, where the system using Quorum devices for high availability (HA) fails to employ Transport Layer Security (TLS) during communication with the Corosync protocol. This oversight in encrypting data can expose sensitive information to potential interception and compromise the integrity of failover operations. Users are advised to upgrade to version 8.0.0 or apply mitigations to safeguard their deployments.",F5,Big-iq,9.1,CRITICAL,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-03-31T17:41:35.000Z,0
CVE-2021-22997,https://securityvulnerability.io/vulnerability/CVE-2021-22997,Authentication Vulnerability in F5 BIG-IQ HA ElasticSearch Service,"The F5 BIG-IQ HA ElasticSearch service across versions 6.x and 7.x is vulnerable due to lack of authentication for clustering transport services, enabling unauthorized access. The transport data used by ElasticSearch is transmitted without encryption, posing significant risks to sensitive information. Users are advised to upgrade to version 8.0.0 or later to mitigate these security concerns.",F5,Big-iq,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-03-31T17:35:54.000Z,0
CVE-2021-22996,https://securityvulnerability.io/vulnerability/CVE-2021-22996,Denial-of-Service Vulnerability in F5 BIG-IQ Data Collection Device,"A vulnerability in F5 BIG-IQ Data Collection Device 7.x versions can trigger a denial-of-service scenario when the cluster is configured for auto failover. This issue arises when a cluster member receives a particular undisclosed message, causing the corosync process to abort. As a result, the stability and availability of the BIG-IQ high availability cluster may be compromised, potentially affecting operational continuity.",F5,Big-iq,7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-03-31T17:34:21.000Z,0
CVE-2021-22995,https://securityvulnerability.io/vulnerability/CVE-2021-22995,Authentication Flaw in BIG-IQ High Availability by F5 Networks,"An authentication vulnerability exists in F5 Networks' BIG-IQ high availability feature when it utilizes a Quorum device for automatic failover. This issue permits unauthorized access by failing to implement any authentication measures with the Corosync daemon, potentially compromising the integrity of the high availability configuration. It is critical for users of BIG-IQ 6.x and 7.x versions to address this vulnerability immediately to avoid possible exploitation.",F5,Big-iq,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-03-31T16:45:54.000Z,0
CVE-2021-22986,https://securityvulnerability.io/vulnerability/CVE-2021-22986,Remote Command Execution Vulnerability in F5 BIG-IP and BIG-IQ Products,"The vulnerability affects multiple versions of F5 BIG-IP and BIG-IQ products through the iControl REST interface, which allows unauthenticated remote command execution. This flaw can potentially enable attackers to execute arbitrary commands on the server, posing significant security risks to the affected systems. Administrators are advised to update their software to the latest versions to mitigate this vulnerability.",F5,Big-ip; Big-iq,9.8,CRITICAL,0.9752500057220459,true,2021-11-03T00:00:00.000Z,false,true,true,2021-11-03T00:00:00.000Z,true,false,false,,2021-03-31T14:04:47.000Z,0
CVE-2021-22974,https://securityvulnerability.io/vulnerability/CVE-2021-22974,Race Condition Vulnerability in BIG-IP Products by F5 Networks,"A race condition vulnerability has been identified in F5 Networks' BIG-IP products, where an authenticated attacker with access to iControl REST may exploit this flaw to execute commands with elevated privileges. This issue arises from an incomplete resolution of a previously identified vulnerability and affects specific versions of the software. Organizations using affected versions should prioritize applying recommended updates to mitigate this risk and ensure the integrity of their systems.",F5,"Big-ip, Big-iq",7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2021-02-12T16:23:27.000Z,0