Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20058

Summary
Assigner-f5
Assigner Org ID-9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
Published At-05 Feb, 2025 | 17:31
Updated At-12 Feb, 2025 | 20:51
Rejected At-
Credits

BIG-IP message routing vulnerability

When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:f5
Assigner Org ID:9dacffd4-cb11-413f-8451-fbbfd4ddc0ab
Published At:05 Feb, 2025 | 17:31
Updated At:12 Feb, 2025 | 20:51
Rejected At:
▼CVE Numbering Authority (CNA)
BIG-IP message routing vulnerability

When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected Products
Vendor
F5, Inc.F5
Product
BIG-IP
Modules
  • All Modules
Default Status
unknown
Versions
Affected
  • From 17.1.0 before 17.1.2 (custom)
  • From 16.1.0 before * (custom)
    • -> unaffectedfromHotfix-BIGIP-16.1.5.2.0.7.5-ENG.iso
  • From 15.1.0 before * (custom)
    • -> unaffectedfromHotfix-BIGIP-15.1.10.6.0.11.6-ENG.iso
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.08.9HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 8.9
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
F5
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://my.f5.com/manage/s/article/K000140947
vendor-advisory
Hyperlink: https://my.f5.com/manage/s/article/K000140947
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:f5sirt@f5.com
Published At:05 Feb, 2025 | 18:15
Updated At:05 Feb, 2025 | 18:15

When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.9HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 8.9
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-400Primaryf5sirt@f5.com
CWE ID: CWE-400
Type: Primary
Source: f5sirt@f5.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://my.f5.com/manage/s/article/K000140947f5sirt@f5.com
N/A
Hyperlink: https://my.f5.com/manage/s/article/K000140947
Source: f5sirt@f5.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1075Records found
CVE-2024-41727
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.34% / 56.07%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-20 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TMM vulnerability

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_automation_toolchainbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerr2000big-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerr4000big-ip_application_visibility_and_reportingbig-ip_container_ingress_servicesbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-23552
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-44.95% / 97.50%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:56
Updated-25 Mar, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Advanced WAF and ASM vulnerability

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-22664
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.59%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:56
Updated-26 Mar, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP HTTP/2 profile vulnerability

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_service_proxybig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IPBIG-IP SPK
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-41833
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.42%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:24
Updated-07 May, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP iRule vulnerability CVE-2022-41833

In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-33203
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:46
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP APM and F5 SSL Orchestrator vulnerability CVE-2022-33203

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerbig-ip_ssl_orchestratorBIG-IP APM
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-28701
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:35
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-40542
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.81%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 12:33
Updated-19 Sep, 2024 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TCP Profile vulnerability

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_webacceleratorbig-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerbig-ip_application_visibility_and_reportingbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-41806
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.27%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:22
Updated-08 May, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806

In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BIG-IP AFM Network Address Translation policy with IPv6/IPv4 translation rules is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_firewall_managerBIG-IP AFM
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6667
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 21:51
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6683
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:01
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP Virtual Edition
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6682
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 16:54
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_security_managerBIG-IP ASM
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21087
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-8.9||HIGH
EPSS-0.12% / 32.34%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 17:30
Updated-05 Feb, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TMM Vulnerability

When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-BIG-IP NextBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-28691
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:33
Updated-16 Sep, 2024 | 23:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-26372
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:26
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-35236
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:48
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP2 profile vulnerability CVE-2022-35236

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-39792
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.73% / 71.78%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-19 Aug, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX Plus MQTT vulnerability

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-nginx_plusNGINX Plusnginx_plus
CWE ID-CWE-825
Expired Pointer Dereference
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2023-29163
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.01%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 14:34
Updated-03 Feb, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP UDP Profile vulnerability

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_webacceleratorbig-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerbig-ip_application_visibility_and_reportingbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-41164
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-8.2||HIGH
EPSS-0.30% / 52.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-19 Aug, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP MPTCP vulnerability

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_automation_toolchainbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaybig-ip_next_service_proxy_for_kubernetesbig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_next_cloud-native_network_functionsbig-ip_link_controllerbig-ip_application_visibility_and_reportingbig-ip_container_ingress_servicesbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IPBIG-IP Next SPKBIG-IP Next CNF
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-39778
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.37% / 58.02%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-19 Aug, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP HSB vulnerability

When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_automation_toolchainbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerbig-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerbig-ip_application_visibility_and_reportingbig-ip_container_ingress_servicesbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IPbig_ip
CWE ID-CWE-702
Not Available
CVE-2023-22842
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:56
Updated-26 Mar, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SIP profile vulnerability

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23555
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.59%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:57
Updated-26 Mar, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Virtual Edition vulnerability

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_service_proxybig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IPBIG-IP SPK
CWE ID-CWE-665
Improper Initialization
CVE-2023-22281
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.59%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:52
Updated-26 Mar, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP AFM vulnerability

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_firewall_managerBIG-IP
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-22839
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:56
Updated-26 Mar, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP DNS profile vulnerability

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_i7800big-ip_i10600_firmwarebig-ip_i15800_firmwareviprion_b2250_firmwarebig-ip_7200v-ssl_firmwarebig-ip_local_traffic_managerbig-ip_i5800r5800big-ip_7200v_firmwarer10600viprion_b2150big-ip_i11800big-ip_10200v-sslbig-ip_5000s_firmwarevelos_bx110big-ip_i11600big-ip_i15800big-ip_i5800_firmwarebig-ip_7200vbig-ip_5200v-ssl_firmwarebig-ip_10200v-ssl_firmwarebig-ip_domain_name_systembig-ip_7000s_firmwarebig-ip_i10800_firmwarer5900big-ip_i15600big-ip_i11800_firmwarebig-ip_12000_firmwarer10900_firmwarebig-ip_10000sviprion_b2100big-ip_5200v_firmwarebig-ip_i7600big-ip_5200v-sslbig-ip_i7800_firmwarer10900big-ip_10200vviprion_b4450_firmwarer5600big-ip_12000viprion_b2250r5800_firmwarebig-ip_5200vbig-ip_i5600_firmwarer5600_firmwarer5900_firmwarer10600_firmwarebig-ip_10000s_firmwarebig-ip_7000sbig-ip_i5600viprion_b4300r10800_firmwarer10800viprion_b4300_firmwarevelos_bx110_firmwarebig-ip_i15600_firmwarebig-ip_i10800viprion_b2100_firmwarebig-ip_i10600big-ip_10200v_firmwarebig-ip_7200v-sslbig-ip_5000sbig-ip_i7600_firmwareviprion_b4450big-ip_i11600_firmwareviprion_b2150_firmwareBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22341
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:54
Updated-26 Mar, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP APM OAuth vulnerability

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to '/' * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22422
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:55
Updated-26 Mar, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP profile vulnerability

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22340
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:54
Updated-26 Mar, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SIP profile vulnerability

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22323
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.47%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:53
Updated-26 Mar, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SSL OCSP Authentication profile vulnerability

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-33608
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 15:01
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP IPsec vulnerability

When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-BIG-IPbig-ip
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2022-41836
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.16%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:25
Updated-07 May, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836

When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP Advanced WAF & ASM
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41787
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.40%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:22
Updated-06 May, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP DNS Express vulnerability CVE-2022-41787

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_local_traffic_managerbig-ip_domain_name_systemBIG-IP LTMBIG-IP DNS
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-41624
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.58%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:19
Updated-08 May, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP iRules vulnerability CVE-2022-41624

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15.1.x before 15.1.7, 14.1.x before 14.1.5.2, and 13.1.x before 13.1.5.1, when a sideband iRule is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-41832
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:24
Updated-08 May, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SIP vulnerability CVE-2022-41832

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when a SIP profile is configured on a virtual server, undisclosed messages can cause an increase in memory resource utilization.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-24989
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.28%
||
7 Day CHG+0.02%
Published-14 Feb, 2024 | 16:30
Updated-12 May, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-nginx_open_sourcenginx_plusNGINX PlusNGINX Open Source
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-24990
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.69%
||
7 Day CHG+0.01%
Published-14 Feb, 2024 | 16:30
Updated-08 May, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-nginx_open_sourcenginx_plusNGINX Open SourceNGINX Plus
CWE ID-CWE-416
Use After Free
CVE-2024-25560
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.97%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 15:01
Updated-01 Aug, 2024 | 23:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TMM Vulnerability

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-BIG-IPBIG-IP Next CNFbig-ip_next_cloud-native_network_functionsbig-ip
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-24775
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:30
Updated-23 Jan, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TMM vulnerability

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_policy_enforcement_managerbig-ip_domain_name_systembig-ip_fraud_protection_servicebig-ip_link_controllerbig-ip_application_acceleration_managerbig-iq_centralized_managementbig-ip_access_policy_managerbig-ip_global_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_local_traffic_managerbig-ip_analyticsBIG-IPbig-ip
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-23805
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:30
Updated-12 May, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_security_managerbig-ip_advanced_web_application_firewallBIG-IP
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2024-23982
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:35
Updated-12 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP PEM vulnerability

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_policy_enforcement_managerBIG-IPbig-ip_pem
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23314
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.91%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:30
Updated-23 Jan, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP HTTP/2 vulnerability

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_policy_enforcement_managerbig-ip_domain_name_systembig-ip_fraud_protection_servicebig-ip_link_controllerbig-ip_application_acceleration_managerbig-ip_next_service_proxy_for_kubernetesbig-iq_centralized_managementbig-ip_access_policy_managerbig-ip_global_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_local_traffic_managerbig-ip_analyticsBIG-IPBIG-IP Next SPKbig-ip_next_service_proxy_for_kubernetesbig-ip
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-21849
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:30
Updated-12 Dec, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Websockets vulnerability

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP
CWE ID-CWE-466
Return of Pointer Value Outside of Expected Range
CVE-2022-36795
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.56%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:18
Updated-08 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP software SYN cookies vulnerability CVE-2022-36795

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, and 14.1.x before 14.1.5.1, when an LTM TCP profile with Auto Receive Window Enabled is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-682
Incorrect Calculation
CVE-2022-35272
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.33% / 54.85%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:49
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP HTTP MRF vulnerability CVE-2022-35272

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-21771
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.91%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:30
Updated-24 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
F5 AFM Signature Matching Vulnerability

For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_firewall_managerBIG-IP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-35240
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.81%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:48
Updated-17 Sep, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Message Routing MQTT vulnerability CVE-2022-35240

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2022-34862
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.96%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:48
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TMM vulnerability CVE-2022-34862

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-34651
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.22%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:47
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TLS 1.3 iRule vulnerability CVE-2022-34651

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-21763
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.53%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:30
Updated-12 Dec, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP AFM vulnerability

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_firewall_managerBIG-IPbig-ip
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-21789
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.91%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:30
Updated-24 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP ASM and Advanced WAF vulnerability

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IPbig-ip
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2022-29491
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.48%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:49
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_local_traffic_managerbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP LTM, Advanced WAF, ASM, and APM
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-29473
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.67% / 70.49%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 16:44
Updated-16 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 21
  • 22
  • Next
Details not found