RSS   Vulnerabilities for 'Big-ip websafe'   RSS



On BIG-IP 14.0.0-, 13.0.0-, 12.1.0-12.1.4, 11.6.1-, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems.



A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-, 12.1.0-, 11.6.0-, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.



F5 BIG-IP 13.0.0-, 12.1.0-, or 11.6.0- virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".



On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash.



On F5 BIG-IP 12.1.0-, 11.6.1-, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS.



On F5 BIG-IP 13.1.0-, 13.0.0, 12.1.0-, 11.6.1-, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue.



On an F5 BIG-IP 13.0.0-, 12.1.0-, or 11.2.1- system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources.



On F5 BIG-IP 13.0.0-, 12.1.0-, or 11.2.1-, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended.



On F5 BIG-IP 13.0.0- or 12.0.0-, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required.



On F5 BIG-IP 13.0.0-, 12.1.0-12.1.2, or 11.2.1-, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.


Copyright 2019,


Back to Top