F5 BIG-IP Local Traffic Manager 17.1.0.1

CPE Details

F5 BIG-IP Local Traffic Manager 17.1.0.1
f5
big-ip_local_traffic_manager
17.1.0.1
2023-05-09
14h35 +00:00
2023-05-12
13h38 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0.1:*:*:*:*:*:*:*

Informations

Vendor

f5

Product

big-ip_local_traffic_manager

Version

17.1.0.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-45886 2023-11-20 23h00 +00:00 The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
7.5
Haute
CVE-2023-46748 2023-10-26 20h05 +00:00 An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
8.8
Haute
CVE-2023-46747 2023-10-26 20h04 +00:00 Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
9.8
Critique
CVE-2023-41373 2023-10-10 12h33 +00:00 A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
9.9
Critique
CVE-2023-38423 2023-08-02 15h55 +00:00 A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
5.4
Moyen
CVE-2023-38419 2023-08-02 15h55 +00:00 An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
4.3
Moyen
CVE-2023-38138 2023-08-02 15h55 +00:00 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
7.5
Haute
CVE-2012-1493 2012-07-09 22h00 +00:00 F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
7.8