Recent CVEs
CVE-2024-31156
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-33604
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-27202
A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-24775
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-41373
A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For a BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-40542
When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-22839
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-22326
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-22323
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when an OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-41833
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.