F5 Latest Vulnerabilities

August 14

NGINX Open Source and NGINX Plus Vulnerability Permits Over-read of Worker Memory

CVE-2024-7347
F5 | NGINX Open Source | 4.7 MEDIUM

Undisclosed Requests Can Cause Memory Resource Utilization Increase in NGINX Plus

CVE-2024-39792
F5 | NGINX Plus | 7.5 HIGH

F5 BIG-IP Next Central Manager Vulnerability Allows for Unauthorized Account Lockouts

CVE-2024-37028
F5 | BIG-IP Next Central Ma... | 5.3 MEDIUM

User Session Refresh Token No Longer Expiring After Logout

CVE-2024-39809
F5 | BIG-IP Next Central Ma... | 8.8 HIGH

BIG-IP Next Logs Include F5 iHealth Credentials

CVE-2024-41719
F5 | BIG-IP Next Central Ma... | 5.5 MEDIUM

Memory Resource Utilization Increase in BIG-IP Tenants on Certain Hardware

CVE-2024-41727
F5 | BIG-IP | 7.5 HIGH

Traffic Termination Due to Unforeseen Circumstances in Virtual Servers

CVE-2024-41164
F5 | BIG-IP | 7.5 HIGH

Undisclosed Requests Can Cause TMM Termination in BIG-IP with High-Speed Bridge (HSB)

CVE-2024-39778
F5 | BIG-IP | 7.5 HIGH

F5 BIG-IP iControl REST Vulnerability Leads to User Account Name Leak

CVE-2024-41723
F5 | BIG-IP | 4.3 MEDIUM

May 29

Memory Leak in NGINX Plus Due to Undisclosed QUIC Packets

CVE-2024-34161
F5 | NGINX Open Source | 5.3 MEDIUM

Undisclosed HTTP/3 Requests Can Cause NGINX Worker Processes to Terminate

CVE-2024-35200
F5 | NGINX Open Source | 5.3 MEDIUM

Undisclosed HTTP/3 Encoder Instructions Can Cause NGINX Worker Processes to Terminate

CVE-2024-32760
F5 | NGINX Open Source | 6.5 MEDIUM

Undisclosed HTTP/3 Requests Can Cause NGINX Worker Processes to Terminate

CVE-2024-31079
F5 | NGINX Open Source | 4.8 MEDIUM

May 8

Potential Data Leak in BIG-IP TMMs on VELOS and rSeries Platforms

CVE-2024-32761
F5 | BIG-IP | 6.5 MEDIUM

F5 Networks BIG-IP Next Central Manager API SQL Injection Vulnerability

CVE-2024-26026
F5 | BIG-IP Next Central Ma... | 😄👾 | 9.8 CRITICAL

OData Injection Vulnerability in F5 Networks' BIG-IP Next Central Manager API

CVE-2024-21793
F5 | BIG-IP Next Central Ma... | 👾 | 9.8 CRITICAL

Improper Certificate Validation Vulnerability in BIG-IP Central Manager Could Allow Impersonation of Instance Provider Systems

CVE-2024-33612
F5 | BIG-IP Next Central Ma... | 8 HIGH

Stored XSS vulnerability in BIG-IP Configuration utility

CVE-2024-31156
F5 | BIG-IP | 8 HIGH

Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility

CVE-2024-33604
F5 | BIG-IP | 6.1 MEDIUM

Sensitive Information Vulnerability in GSLB Container

CVE-2024-28132
F5 | BIG-IP Next CNF | 4.4 MEDIUM

Termination of Traffic Management Microkernel (TMM) Due to Non-Default SSL Profile Configuration

CVE-2024-28889
F5 | BIG-IP | 5.9 MEDIUM

Unauthenticated Remote Attackers May Obtain BIG-IP Next LTM/WAF Instance Credentials

CVE-2024-32049
F5 | BIG-IP Next Central Ma... | 7.4 HIGH

Undisclosed BIG-IP Configuration Utility Vulnerability Allows Cross-Site Scripting Attacks

CVE-2024-27202
F5 | BIG-IP | 4.7 MEDIUM

Undisclosed DNS Traffic Can Cause BIG-IP AFM TMM Termination

CVE-2024-25560
F5 | BIG-IP | 7.5 HIGH

IPsec Configuration Can Cause Termination of Traffic Management Microkernel

CVE-2024-33608
F5 | BIG-IP | 7.5 HIGH

F5 BIG-IP APM Vulnerability Allows Attackers to Bypass Endpoint Inspection

CVE-2024-28883
F5 | BIG-IP Edge Client | 7.4 HIGH

February 14

BIG-IP PEM Classification Profile Vulnerability

CVE-2024-23982
F5 | BIG-IP | 7.5 HIGH

Undisclosed Requests Can Cause NGINX Worker Processes to Terminate

CVE-2024-24990
F5 | NGINX Plus | 7.5 HIGH

NGINX HTTP/3 QUIC vulnerability

CVE-2024-24989
F5 | NGINX Plus | 7.5 HIGH

BIG-IP AFM Device Vulnerable to Termination Due to Undisclosed Queries

CVE-2024-21763
F5 | BIG-IP | 7.5 HIGH

Undisclosed Requests Can Cause TMM Termination for HTTP Analytics and Advanced WAF/ASM

CVE-2024-23805
F5 | BIG-IP | 7.5 HIGH

Undisclosed Requests Can Cause Memory Resource Utilization Increase in BIG-IP ASM/Advanced WAF

CVE-2024-21789
F5 | BIG-IP | 7.5 HIGH

Undisclosed Requests Can Cause BD Process Termination in BIG-IP Advanced WAF and ASM

CVE-2024-23308
F5 | BIG-IP | 7.5 HIGH

Undisclosed SQL Injection Vulnerability Affects F5 Networks' BIG-IP Configuration Utility

CVE-2024-23603
F5 | BIG-IP | 3.8 LOW

Termination of TMM due to Undisclosed Traffic

CVE-2024-24775
F5 | BIG-IP | 7.5 HIGH

Undisclosed Sensitive Files Vulnerability in BIG-IP Next CNF and SPK Systems

CVE-2024-23306
F5 | BIG-IP Next SPK | 4.4 MEDIUM

Undisclosed Responses in HTTP/2 Configured BIG-IP Systems Can Cause TMM Termination

CVE-2024-23314
F5 | BIG-IP | 7.5 HIGH

Undisclosed iControl REST Endpoint Vulnerability Allows Crossing Security Boundaries

CVE-2024-22093
F5 | BIG-IP | 8.7 HIGH

Excessive CPU Utilization with SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) Authentication Profile

CVE-2024-23979
F5 | BIG-IP | 7.5 HIGH

Remote Authentication Vulnerability in F5OS

CVE-2024-24966
F5 | F5OS - Appliance | 6.2 MEDIUM

Advanced WAF/ASM Traffic Disruption Due to Undisclosed Traffic

CVE-2024-21849
F5 | BIG-IP | 7.5 HIGH

Excessive Signature Matching Time Causes Traffic Disruption in BIG-IP AFM IPS Engine

CVE-2024-21771
F5 | BIG-IP | 7.5 HIGH

Arbitrary Command Execution Vulnerability in BIG-IP and BIG-IQ Due to Incomplete Fix for CVE-2020-5873

CVE-2024-21782
F5 | BIG-IP | 6.7 MEDIUM

F5OS QKView Directory Traversal Vulnerability Allows Read Access to Outside Files

CVE-2024-23607
F5 | F5OS - Appliance | 5.5 MEDIUM

Bypassing Appliance Mode Restrictions via iAppsLX Templates

CVE-2024-23976
F5 | BIG-IP | 6 MEDIUM

BIG-IP High Availability Update Issues

CVE-2024-22389
F5 | BIG-IP | 7.2 HIGH

November 21

CVE-2023-45886
F5 | BIG-IP Next | 7.5 HIGH

October 26

Undisclosed Requests May Bypass Configuration Utility Authentication in F5 BIG-IP Systems, Allowing Attackers to Execute Arbitrary System Commands

CVE-2023-46747
F5 | BIG-IP | 😄👾 | 9.8 CRITICAL

BIG-IP Configuration utility authenticated SQL injection vulnerability

CVE-2023-46748
F5 | BIG-IP | 👾 | 8.8 HIGH

October 10

BIG-IP and BIG-IQ TACACS+ audit log vulnerability

CVE-2023-43485
F5 | BIG-IP | 5.5 MEDIUM

BIG-IP Appliance mode external monitor vulnerability

CVE-2023-43746
F5 | BIG-IP | 8.7 HIGH

BIG-IP TCP Profile vulnerability

CVE-2023-40542
F5 | BIG-IP | 7.5 HIGH

BIG-IP Next SPK SSH vulnerability

CVE-2023-45226
F5 | BIG-IP Next SPK | 7.4 HIGH

BIG-IP Edge Client for macOS vulnerability

CVE-2023-5450
F5 | BIG-IP Edge Client | 7.3 HIGH

BIG-IP tmsh vulnerability

CVE-2023-45219
F5 | BIG-IP | 4.4 MEDIUM

BIG-IP and BIG-IQ Database Variable vulnerability

CVE-2023-41964
F5 | BIG-IP | 4.3 MEDIUM

BIG-IP DNS TSIG Key vulnerability

CVE-2023-41253
F5 | BIG-IP | 5.5 MEDIUM

BIG-IP iControl REST vulnerability

CVE-2023-42768
F5 | BIG-IP | 7.2 HIGH

BIG-IP Edge Client for macOS vulnerability

CVE-2023-43611
F5 | BIG-IP Edge Client | 7.8 HIGH

BIG-IP IPSEC vulnerability

CVE-2023-41085
F5 | BIG-IP | 7.5 HIGH

BIG-IP HTTP/2 vulnerability

CVE-2023-40534
F5 | BIG-IP | 7.5 HIGH

BIG-IP APM Guided Configuration vulnerability

CVE-2023-39447
F5 | BIG-IP | 4.4 MEDIUM

Multi-blade VIPRION Configuration utility session cookie vulnerability

CVE-2023-40537
F5 | BIG-IP | 8.1 HIGH

BIG-IP Configuration Utility vulnerability

CVE-2023-41373
F5 | BIG-IP | 9.9 CRITICAL

September 27

BIG-IP APM Clients TunnelCrack vulnerability

CVE-2023-43125
F5 | BIG-IP Edge Client | 6.8 MEDIUM

BIG-IP APM Clients TunnelCrack vulnerability

CVE-2023-43124
F5 | BIG-IP Edge Client | 5.3 MEDIUM

August 2

BIG-IP Configuration utility vulnerability

CVE-2023-38423
F5 | BIG-IP | 5.4 MEDIUM

BIG-IP FIPS HSM password vulnerability CVE-2023-3470

CVE-2023-3470
F5 | BIG-IP | 6 MEDIUM

BIG-IP Edge Client for macOS vulnerability

CVE-2023-38418
F5 | BIG-IP Edge Client | 7.8 HIGH

BIG-IP and BIG-IQ iControl SOAP vulnerability

CVE-2023-38419
F5 | BIG-IP | 4.3 MEDIUM

F5OS-A vulnerability

CVE-2023-36494
F5 | F5OS - Appliance | 4.4 MEDIUM

BIG-IP Configuration utility vulnerability

CVE-2023-38138
F5 | BIG-IP | 7.5 HIGH

BIG-IP Edge Client for Windows and macOS vulnerability

CVE-2023-36858
F5 | BIG-IP Edge Client | 7.1 HIGH

May 3

BIG-IP Configuration utility vulnerability

CVE-2023-28406
F5 | BIG-IP | 4.3 MEDIUM

NGINX Management Suite vulnerability

CVE-2023-28724
F5 | NGINX Instance Manager | 7.1 HIGH

BIG-IP TMM SSL vulnerability

CVE-2023-24594
F5 | BIG-IP | 5.3 MEDIUM

BIG-IQ iControl REST Vulnerability

CVE-2023-29240
F5 | BIG-IQ | 5.4 MEDIUM

NGINX Management Suite vulnerability

CVE-2023-28656
F5 | NGINX Instance Manager | 8.1 HIGH

BIG-IP Edge Client for Windows and macOS vulnerability

CVE-2023-24461
F5 | BIG-IP Edge Client | 5.9 MEDIUM

BIG-IP UDP Profile vulnerability

CVE-2023-29163
F5 | BIG-IP | 7.5 HIGH

BIG-IP TMUI XSS vulnerability

CVE-2023-27378
F5 | BIG-IP | 6.1 MEDIUM

BIG-IP iQuery mesh vulnerability

CVE-2023-28742
F5 | BIG-IP | 8.8 HIGH

BIG-IP Edge Client for Windows and Mac OS vulnerability

CVE-2023-22372
F5 | BIG-IP Edge Client | 5.9 MEDIUM

April 9

CVE-2023-27729
F5 | Njs | 7.5 HIGH

CVE-2023-27727
F5 | Njs | 7.5 HIGH

CVE-2023-27728
F5 | Njs | 7.5 HIGH

CVE-2023-27730
F5 | Njs | 7.5 HIGH

March 29

NGINX Agent vulnerability CVE-2023-1550

CVE-2023-1550
F5 | NGINX Agent | 5.5 MEDIUM

February 1

F5OS vulnerability

CVE-2023-22657
F5 | F5OS-A | 7.8 HIGH

BIG-IP SSL OCSP Authentication profile vulnerability

CVE-2023-22323
F5 | BIG-IP | 7.5 HIGH

iControl REST and tmsh vulnerability

CVE-2023-22326
F5 | BIG-IP | 4.9 MEDIUM

BIG-IP SIP profile vulnerability

CVE-2023-22340
F5 | BIG-IP | 7.5 HIGH

BIG-IP HTTP profile vulnerability

CVE-2023-22302
F5 | BIG-IP | 5.9 MEDIUM

BIG-IP Edge Client for Windows vulnerability

CVE-2023-22358
F5 | APM Clients | 7.8 HIGH

BIG-IP SIP profile vulnerability

CVE-2023-22842
F5 | BIG-IP | 7.5 HIGH

iControl SOAP vulnerability

CVE-2023-22374
F5 | BIG-IP | 8.5 HIGH

BIG-IP APM virtual server vulnerability

CVE-2023-22418
F5 | BIG-IP | 6.1 MEDIUM

BIG-IP Edge Client for Windows vulnerability

CVE-2023-22283
F5 | APM Clients | 6.5 MEDIUM

HTTP profile vulnerability

CVE-2023-22422
F5 | BIG-IP | 7.5 HIGH

BIG-IP DNS profile vulnerability

CVE-2023-22839
F5 | BIG-IP | 7.5 HIGH