The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of F5 BIG-IP TMOS

vulnerability bulletin CVE-2018-15333

F5 BIG-IP: information disclosure via Snapshot File Access

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 28/12/2018.
Identifiers: CVE-2018-15333, K53620021, VIGILANCE-VUL-28123.

Description of the vulnerability

An attacker can bypass access restrictions to data via Snapshot File Access of F5 BIG-IP, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2018-15329

F5 BIG-IP: privilege escalation via TMUI

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged account.
Confidence: confirmed by the editor (5/5).
Creation date: 27/12/2018.
Identifiers: CERTFR-2018-AVI-609, CVE-2018-15329, K61620494, VIGILANCE-VUL-28089.

Description of the vulnerability

An attacker can bypass restrictions via TMUI of F5 BIG-IP, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-5703

F5 BIG-IP: denial of service via Intel SPI Flash

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/12/2018.
Identifiers: CVE-2017-5703, K19855851, VIGILANCE-VUL-28073.

Description of the vulnerability

An attacker can generate a fatal error via Intel SPI Flash of F5 BIG-IP, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2018-16869

Nettle: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS, Fedora, openSUSE Leap, Slackware, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 06/12/2018.
Identifiers: CVE-2018-16869, FEDORA-2018-f7d9989c42, FEDORA-2019-01afc2352f, FEDORA-2019-31015766d1, K45616155, openSUSE-SU-2018:4260-1, SSA:2018-339-02, SUSE-SU-2018:4193-1, VIGILANCE-VUL-27963.

Description of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of Nettle, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2018-5407

OpenSSL: information disclosure via ECC Scalar Multiplication

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Solaris, Percona Server, XtraBackup, XtraDB Cluster, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 12/11/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-607, cpujan2019, CVE-2018-5407, DLA-1586-1, DSA-4348-1, DSA-4355-1, K49711130, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SSA:2018-325-01, SUSE-SU-2018:3864-1, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27760.

Description of the vulnerability

On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the used key.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2018-5407

Intel processors: information disclosure via SMT/Hyper-Threading PortSmash

Synthesis of the vulnerability

Impacted products: Debian, BIG-IP Hardware, TMOS, AIX, MariaDB ~ precise, Windows (platform) ~ not comprehensive, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Solaris, Percona Server, XtraBackup, XtraDB Cluster, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 05/11/2018.
Identifiers: bulletinjan2019, cpujan2019, CVE-2018-5407, DSA-4348-1, DSA-4355-1, K49711130, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, USN-3840-1, VIGILANCE-VUL-27667.

Description of the vulnerability

An attacker can bypass access restrictions to data via SMT/Hyper-Threading PortSmash on an Intel processor, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2018-15325

F5 BIG-IP: denial of service via iControl TMSH

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 31/10/2018.
Identifiers: CERTFR-2018-AVI-525, CVE-2018-15325, K77313277, VIGILANCE-VUL-27664.

Description of the vulnerability

An attacker can generate a fatal error via iControl TMSH of F5 BIG-IP, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2018-15324

F5 BIG-IP APM: denial of service via Portal Access

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 31/10/2018.
Identifiers: CERTFR-2018-AVI-525, CVE-2018-15324, K52206731, VIGILANCE-VUL-27661.

Description of the vulnerability

An attacker can generate a fatal error via Portal Access of F5 BIG-IP APM, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2018-15322

F5 BIG-IP: denial of service via Tmsh Edit Cli Preference

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 31/10/2018.
Identifiers: CERTFR-2018-AVI-525, CVE-2018-15322, K28003839, VIGILANCE-VUL-27659.

Description of the vulnerability

An attacker can generate a fatal error via Tmsh Edit Cli Preference of F5 BIG-IP, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2018-15323

F5 BIG-IP: denial of service via MQTT

Synthesis of the vulnerability

Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 31/10/2018.
Identifiers: CERTFR-2018-AVI-525, CVE-2018-15323, K26583415, VIGILANCE-VUL-27658.

Description of the vulnerability

An attacker can generate a fatal error via MQTT of F5 BIG-IP, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about F5 BIG-IP TMOS: