cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-22326,https://securityvulnerability.io/vulnerability/CVE-2023-22326,iControl REST and tmsh vulnerability,"In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. ",F5,"BIG-IP,BIG-IQ Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-02-01T18:15:00.000Z,0
CVE-2022-41622,https://securityvulnerability.io/vulnerability/CVE-2022-41622,iControl SOAP vulnerability,"In all versions,  BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. ",F5,"Big-ip,Big-iq Centralized Management",8.8,HIGH,0.4949899911880493,false,,false,false,true,2022-08-03T21:20:29.000Z,true,false,false,,2022-12-07T03:08:06.811Z,0
CVE-2022-34851,https://securityvulnerability.io/vulnerability/CVE-2022-34851,BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",4.3,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-34844,https://securityvulnerability.io/vulnerability/CVE-2022-34844,BIG-IP and BIG-IQ AWS vulnerability CVE-2022-34844,"In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",5.9,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-35728,https://securityvulnerability.io/vulnerability/CVE-2022-35728,iControl REST vulnerability CVE-2022-35728,"In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,"Big-ip,Big-iq Centralized Management",8.1,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2022-26340,https://securityvulnerability.io/vulnerability/CVE-2022-26340,Remote File Access Vulnerability in F5 BIG-IP and BIG-IQ Products,"An authenticated, high-privileged attacker without bash access may gain unauthorized access to sensitive Certificate and Key files on F5 BIG-IP and BIG-IQ systems via the Secure Copy (SCP) protocol. This vulnerability affects multiple versions of F5 BIG-IP and BIG-IQ products, allowing potential exploitation that can compromise the security of managed systems. It is critical for organizations using affected versions to implement necessary updates and closely monitor for suspicious activity.",F5,"Big-ip,Big-iq Centralized Management",4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-05T17:15:00.000Z,0
CVE-2022-29479,https://securityvulnerability.io/vulnerability/CVE-2022-29479,IPv6 Packet Processing Issue in F5 BIG-IP and BIG-IQ Systems,"F5 BIG-IP and BIG-IQ systems may experience performance degradation when an IPv6 self IP address is configured along with the ipv6.strictcompliance database key enabled. This affects certain versions of BIG-IP and all versions of BIG-IQ Centralized Management. While this setting is disabled by default, enabling it can lead to undisclosed packets impacting system performance.",F5,"Big-ip,Big-iq Centralized Management",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-05-04T00:00:00.000Z,0
CVE-2022-23009,https://securityvulnerability.io/vulnerability/CVE-2022-23009,Authorization Bypass Vulnerability in F5 BIG-IQ Centralized Management,"An authorization bypass vulnerability exists in F5 BIG-IQ Centralized Management, allowing an authenticated administrative user to gain unauthorized access to other BIG-IP devices managed within the same BIG-IQ system. This could potentially lead to sensitive data exposure or misconfigurations across managed devices. Note that versions that have reached End of Technical Support (EoTS) are not evaluated for these issues.",F5,Big-iq Centralized Management,7.2,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-01-25T19:11:18.000Z,0
CVE-2018-15328,https://securityvulnerability.io/vulnerability/CVE-2018-15328,,"On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication and privacy are not handled by the BIG-IP system Secure Vault feature; they are written in the clear to the various configuration files.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Enterprise Manager, Big-iq Centralized Management, F5 Iworkflow",7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2018-12-12T14:00:00.000Z,0
CVE-2018-15321,https://securityvulnerability.io/vulnerability/CVE-2018-15321,,"When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Fps, Gtm, Link Controller, Pem, Webaccelerator), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",4.9,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2018-10-31T14:00:00.000Z,0
CVE-2018-15322,https://securityvulnerability.io/vulnerability/CVE-2018-15322,,"On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe), Big-iq Centralized Management, Big-iq Cloud And Orchestration, Iworkflow, Enterprise Manager",6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-10-31T14:00:00.000Z,0
CVE-2018-5540,https://securityvulnerability.io/vulnerability/CVE-2018-5540,,"On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.",F5,"Big-ip (dns, Gtm),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,F5 Iworkflow",4.4,MEDIUM,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-07-19T14:29:00.000Z,0
CVE-2018-5516,https://securityvulnerability.io/vulnerability/CVE-2018-5516,,"On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.",F5,"Big-ip (ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Webaccelerator, Websafe),Enterprise Manager,Big-iq Centralized Management,Big-iq Cloud And Orchestration,Iworkflow",4.7,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-05-02T13:29:00.000Z,0
CVE-2017-6152,https://securityvulnerability.io/vulnerability/CVE-2017-6152,,"A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.",F5,Big-iq Centralized Management,6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-03-08T14:29:00.000Z,0
CVE-2017-6128,https://securityvulnerability.io/vulnerability/CVE-2017-6128,,"An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.",F5,"Big-ip Ltm, Aam, Afm, Analytics, Apm, Asm, Edge Gateway, Gtm, Link Controller, Pem, Psm, Webaccelerator, Websafe,Enterprise Manager,Big-iq Cloud, Device, Security, Adc, Centralized Management, Cloud And Orchestration,Iworkflow",7.5,HIGH,0.002580000087618828,false,,false,false,false,,,false,false,,2017-05-01T15:00:00.000Z,0