The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of BIG-IP Hardware

computer vulnerability alert CVE-2019-9070

binutils: information disclosure via d_expression_1

Synthesis of the vulnerability

An attacker can read a memory fragment via d_expression_1() of binutils, in order to obtain sensitive information.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 27/05/2019.
Identifiers: CVE-2019-9070, K13534168, VIGILANCE-VUL-29416.


computer vulnerability CVE-2019-9077

binutils: buffer overflow via process_mips_specific

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via process_mips_specific() of binutils, in order to trigger a denial of service, and possibly to run code.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 27/05/2019.
Identifiers: CVE-2019-9077, K00056379, VIGILANCE-VUL-29415.


vulnerability note CVE-2019-9074

binutils: NULL pointer dereference via bfd_getl32

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via bfd_getl32() of binutils, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/05/2019.
Identifiers: CVE-2019-9074, K09092524, VIGILANCE-VUL-29404.


computer vulnerability alert CVE-2019-11811

Linux kernel: use after free via ipmi_si module

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via ipmi_si module of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: BIG-IP Hardware, TMOS, Linux, openSUSE Leap, SLES.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 09/05/2019.
Identifiers: CVE-2019-11811, K01512680, openSUSE-SU-2019:1479-1, SUSE-SU-2019:1550-1, VIGILANCE-VUL-29256.


computer vulnerability CVE-2019-6616

F5 BIG-IP: privilege escalation via tmsh

Synthesis of the vulnerability

An attacker can bypass restrictions via tmsh of F5 BIG-IP, in order to escalate his privileges.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: document.
Creation date: 03/05/2019.
Identifiers: CERTFR-2019-AVI-242, CVE-2019-6616, K07702240, K24401914, K27400151, K38941195, K46524395, K47527163, K82814400, K87659521, K94563344, VIGILANCE-VUL-29215.


vulnerability bulletin CVE-2019-6618

F5 BIG-IP: privilege escalation via Resource Administrator Advanced Shell

Synthesis of the vulnerability

An attacker can bypass restrictions via Resource Administrator Advanced Shell of F5 BIG-IP, in order to escalate his privileges.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-242, CVE-2019-6618, K07702240, K24401914, K27400151, K38941195, K46524395, K47527163, K82814400, K87659521, K94563344, VIGILANCE-VUL-29213.


vulnerability announce CVE-2019-6617

F5 BIG-IP: privilege escalation via SFTP

Synthesis of the vulnerability

A privileged attacker can bypass restrictions via SFTP of F5 BIG-IP, in order to escalate his privileges.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-242, CVE-2019-6617, K07702240, K24401914, K27400151, K38941195, K46524395, K47527163, K82814400, K87659521, K94563344, VIGILANCE-VUL-29212.


vulnerability alert CVE-2019-6619

F5 BIG-IP: denial of service via HTTP/2 ALPN

Synthesis of the vulnerability

An attacker can send malicious HTTP/2 ALPN packets to F5 BIG-IP, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-242, CVE-2019-6619, K07702240, K24401914, K27400151, K38941195, K46524395, K47527163, K82814400, K87659521, K94563344, VIGILANCE-VUL-29211.


vulnerability CVE-2019-6613

F5 BIG-IP: information disclosure via SNMP

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SNMP of F5 BIG-IP, in order to obtain sensitive information.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-242, CVE-2019-6613, K07702240, K24401914, K27400151, K38941195, K46524395, K47527163, K82814400, K87659521, K94563344, VIGILANCE-VUL-29210.


computer vulnerability note CVE-2019-6615

F5 BIG-IP: privilege escalation via tmsh

Synthesis of the vulnerability

A privileged attacker can bypass restrictions via tmsh of F5 BIG-IP, in order to escalate his privileges.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: privileged account.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-242, CVE-2019-6615, K07702240, K24401914, K27400151, K38941195, K46524395, K47527163, K82814400, K87659521, K94563344, VIGILANCE-VUL-29209.
