7 advisories tracked · F5 SIRT (f5sirt@f5.com CNA) via NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in F5's recent advisories.
F5 SIRT (f5sirt@f5.com CNA) via NVD
F5 is its own CVE Numbering Authority. VulniPulse ingests F5's CVEs from the NVD CNA feed (f5sirt@f5.com), each linking to its my.f5.com / support.f5.com security article. Covers BIG-IP (LTM, ASM/Advanced WAF, APM, AFM), BIG-IP Next, BIG-IQ, NGINX / NGINX Plus, F5OS and Distributed Cloud — internet-facing application-delivery and security appliances that are repeatedly mass-exploited (e.g. the CVE-2023-46747 RCE), so a patch-now enterprise audience.
Visit F5 security advisoriesA vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.