F5: Security Vulnerabilities
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.005
Published
2024-08-14
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.006
Published
2024-08-14
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.01
Published
2024-08-14
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
8.9
EPSS Score
0.008
Published
2024-08-14
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.3
EPSS Score
0.003
Published
2024-08-14
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-05-29
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.
CVSS Score
5.3
EPSS Score
0.007
Published
2024-05-29
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-05-29
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
CVSS Score
4.8
EPSS Score
0.005
Published
2024-05-29
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.8
EPSS Score
0.002
Published
2024-05-08