Shodan
Vulnerabilities
Vulnerable Software
F5:  >> Big-Ip Advanced Firewall Manager  >> 14.0.1  Security Vulnerabilities
CVE-2019-6676
On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-12-23
CVE-2019-6669
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2019-6670
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem.
CVSS Score
4.4
EPSS Score
0.001
Published
2019-11-27
CVE-2019-6671
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2019-6672
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2019-6673
On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM).
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-27
CVE-2019-6659
On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-15
CVE-2019-6660
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-11-15
CVE-2019-6663
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack.
CVSS Score
5.5
EPSS Score
0.004
Published
2019-11-15
CVE-2019-6658
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a vulnerability in the AFM configuration utility may allow any authenticated BIG-IP user to run an SQL injection attack.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-11-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved