Search criteria
18 vulnerabilities found for N/A by F5
CERTFR-2024-AVI-0377
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP Next | BIG-IP Next Central Manager versions 20.0.x antérieures à 20.2.0 | ||
| F5 | BIG-IP | BIG-IP AFM versions 17.0.x antérieures à 17.1.1 | ||
| F5 | BIG-IP | BIG-IP AFM versions antérieures à 16.1.4 | ||
| F5 | BIG-IP | BIG-IP APM versions 16.1.x antérieures à 16.1.4.2 | ||
| F5 | N/A | APM Clients versions postérieures à 7.2.3 et antérieures à 7.2.4.4 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions antérieures à 1.3.0 | ||
| F5 | BIG-IP | BIG-IP "tous les autres modules" versions 15.1.x antérieures à 15.1.5.1 | ||
| F5 | BIG-IP | BIG-IP "tous les autres modules" versions 16.1.x antérieures à 16.1.2.2 | ||
| F5 | BIG-IP | BIG-IP versions 15.1.x antérieures à 15.1.10.4 | ||
| F5 | BIG-IP | BIG-IP Advanced WAF/ASM versions 17.1.x antérieures à 17.1.3 | ||
| F5 | BIG-IP | BIG-IP APM versions 15.1.x antérieures à 15.1.10.3 | ||
| F5 | BIG-IP | BIG-IP APM versions 17.1.x antérieures à 17.1.1 | ||
| F5 | BIG-IP | BIG-IP Advanced WAF/ASM versions 15.1.x antérieures à 15.1.10.4 | ||
| F5 | BIG-IP | BIG-IP versions 16.1.x antérieures à 16.1.4.3 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions antérieures à 1.7.0 | ||
| F5 | BIG-IP | BIG-IP Advanced WAF/ASM versions 16.1.x antérieures à 16.1.4.3 | ||
| F5 | BIG-IP Next | BIG-IP Next WAF versions 20.0.x antérieures à 20.2.0 | ||
| F5 | BIG-IP | BIG-IP AFM versions 15.1.x antérieures à 15.1.10.4 | ||
| F5 | NGINX | NGINX App Protect WAF versions antérieures à 4.8.1 | ||
| F5 | BIG-IP | BIG-IP versions 17.1.x antérieures à 17.1.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP Next Central Manager versions 20.0.x ant\u00e9rieures \u00e0 20.2.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP AFM versions 17.0.x ant\u00e9rieures \u00e0 17.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP AFM versions ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "APM Clients versions post\u00e9rieures \u00e0 7.2.3 et ant\u00e9rieures \u00e0 7.2.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions ant\u00e9rieures \u00e0 1.3.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP \"tous les autres modules\" versions 15.1.x ant\u00e9rieures \u00e0 15.1.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP \"tous les autres modules\" versions 16.1.x ant\u00e9rieures \u00e0 16.1.2.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Advanced WAF/ASM versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM versions 17.1.x ant\u00e9rieures \u00e0 17.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Advanced WAF/ASM versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions ant\u00e9rieures \u00e0 1.7.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Advanced WAF/ASM versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next WAF versions 20.0.x ant\u00e9rieures \u00e0 20.2.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP AFM versions 15.1.x ant\u00e9rieures \u00e0 15.1.10.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions ant\u00e9rieures \u00e0 4.8.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 17.1.x ant\u00e9rieures \u00e0 17.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-28889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28889"
},
{
"name": "CVE-2024-33612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33612"
},
{
"name": "CVE-2024-27202",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27202"
},
{
"name": "CVE-2024-21793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21793"
},
{
"name": "CVE-2024-31156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31156"
},
{
"name": "CVE-2024-32049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32049"
},
{
"name": "CVE-2024-32761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32761"
},
{
"name": "CVE-2024-28883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28883"
},
{
"name": "CVE-2024-28132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28132"
},
{
"name": "CVE-2024-33604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33604"
},
{
"name": "CVE-2024-25560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25560"
},
{
"name": "CVE-2024-26026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26026"
},
{
"name": "CVE-2024-33608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33608"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0377",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000139404 du 08 mai 2024",
"url": "https://my.f5.com/manage/s/article/K000139404"
}
]
}
CERTFR-2023-AVI-0837
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX | NGINX OSS versions 1.9.5 à 1.25.2 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 16.1.x antérieures à 16.1.4.1 avec le correctif de sécurité Hotfix-BIGIP-16.1.4.1.0.13.5-ENG | ||
| F5 | BIG-IQ | BIG-IQ Centralized Management versions 8.0.0 à 8.3.0 antérieures à 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.5.0 à 1.8.2 | ||
| F5 | BIG-IP | BIG-IP (APM) versions 16.1.0 à 16.1.3 antérieures à 16.1.4 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 3.0.0 à 3.3.0 | ||
| F5 | BIG-IP | BIG-IP (Advanced WAF/ASM) versions 16.1.x antérieures à 16.1.4 | ||
| F5 | NGINX Plus | NGINX Plus verions R25 à R30 antérieures à R30 P1 | ||
| F5 | BIG-IP | BIG-IP (DNS, LTM avec le license DNS Services activée) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 2.0.0 à 2.4.2 | ||
| F5 | BIG-IP | BIG-IP (DNS, LTM avec le license DNS Services activée) versions 16.1.x antérieures à 16.1.4 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 1.12.2 à 1.12.5 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.1.0 à 1.1.1 | ||
| F5 | NGINX | NGINX App Protect WAF versions 3.3.0 à 3.12.2 et 4.x antérieures à 4.2.0 | ||
| F5 | BIG-IP | BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9 | ||
| F5 | N/A | APM Clients versions 7.2.3.x, 7.2.4.x antérieures à 7.2.4.5 | ||
| F5 | BIG-IP Next | BIG-IP Next (tous modules) version 20.0.1 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.10.2 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 17.1.x antérieures à 17.1.0.3 avec le correctif de sécurité Hotfix-BIGIP-17.1.0.3.0.23.4-ENG | ||
| F5 | BIG-IP | BIG-IP (APM) versions 14.1.x, 15.1.x antérieures à 15.1.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX OSS versions 1.9.5 \u00e0 1.25.2",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.1 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-16.1.4.1.0.13.5-ENG",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Centralized Management versions 8.0.0 \u00e0 8.3.0 ant\u00e9rieures \u00e0 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.5.0 \u00e0 1.8.2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 16.1.0 \u00e0 16.1.3 ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 3.0.0 \u00e0 3.3.0",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (Advanced WAF/ASM) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus verions R25 \u00e0 R30 ant\u00e9rieures \u00e0 R30 P1",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 2.0.0 \u00e0 2.4.2",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 1.12.2 \u00e0 1.12.5",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.1.0 \u00e0 1.1.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions 3.3.0 \u00e0 3.12.2 et 4.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "APM Clients versions 7.2.3.x, 7.2.4.x ant\u00e9rieures \u00e0 7.2.4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next (tous modules) version 20.0.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.10.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.0.3 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-17.1.0.3.0.23.4-ENG",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40542",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40542"
},
{
"name": "CVE-2023-5450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5450"
},
{
"name": "CVE-2023-41373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41373"
},
{
"name": "CVE-2023-43746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43746"
},
{
"name": "CVE-2023-40537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40537"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-41085",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41085"
},
{
"name": "CVE-2023-41253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41253"
},
{
"name": "CVE-2023-42768",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42768"
},
{
"name": "CVE-2023-43611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43611"
},
{
"name": "CVE-2023-45226",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45226"
},
{
"name": "CVE-2023-45219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45219"
},
{
"name": "CVE-2023-41964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41964"
},
{
"name": "CVE-2023-39447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39447"
},
{
"name": "CVE-2023-40534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40534"
},
{
"name": "CVE-2023-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43485"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0837",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000137053 du 10 octobre 2023",
"url": "https://my.f5.com/manage/s/article/K000137053"
}
]
}
CERTFR-2022-AVI-888
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits F5. Elle permet à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Traffix SDC versions 5.x.x ant\u00e9rieures \u00e0 5.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP (tous modules) versions ant\u00e9rieures \u00e0 17.0.0",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-888",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits F5. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K10812540 du 06 octobre 2022",
"url": "https://support.f5.com/csp/article/K10812540"
}
]
}
CERTFR-2021-AVI-887
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits F5. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IQ | BIG-IQ versions 7.x | ||
| F5 | BIG-IQ | BIG-IQ versions 6.1.0 | ||
| F5 | BIG-IP | BIG-IP versions 13.x antérieures à 13.1.3.4 | ||
| F5 | BIG-IP | BIG-IP versions 12.x antérieures à 12.1.5.1 | ||
| F5 | N/A | Traffix SDC versions 5.2.0 | ||
| F5 | N/A | Traffix SDC versions 5.1.0 | ||
| F5 | BIG-IP | BIG-IP versions 14.x antérieures à 14.1.2.5 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IQ versions 7.x",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ versions 6.1.0",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 13.x ant\u00e9rieures \u00e0 13.1.3.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 12.x ant\u00e9rieures \u00e0 12.1.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "Traffix SDC versions 5.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "Traffix SDC versions 5.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 14.x ant\u00e9rieures \u00e0 14.1.2.5",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-887",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K19785240 du 18 novembre 2021",
"url": "https://support.f5.com/csp/article/K19785240"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K48382137 du 18 novembre 2021",
"url": "https://support.f5.com/csp/article/K48382137"
}
]
}
CERTFR-2021-AVI-121
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits F5. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP (APM) versions 12.x | ||
| F5 | BIG-IP | BIG-IP (APM) versions 16.x antérieures à 16.0.1.1 | ||
| F5 | N/A | APM Clients versions 7.2.x antérieures à 7.2.1.1 | ||
| F5 | BIG-IP | BIG-IP (APM) versions 15.x | ||
| F5 | BIG-IP | BIG-IP (APM) versions 11.x | ||
| F5 | BIG-IP | BIG-IP (APM) versions 14.x | ||
| F5 | BIG-IP | BIG-IP (APM) versions 13.x antérieures à 13.1.3.6 | ||
| F5 | N/A | APM Clients versions 7.1.x antérieures à 7.1.9.8 ou 7.1.8.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP (APM) versions 12.x",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 16.x ant\u00e9rieures \u00e0 16.0.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "APM Clients versions 7.2.x ant\u00e9rieures \u00e0 7.2.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 15.x",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 11.x",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 14.x",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 13.x ant\u00e9rieures \u00e0 13.1.3.6",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "APM Clients versions 7.1.x ant\u00e9rieures \u00e0 7.1.9.8 ou 7.1.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22980",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22980"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-121",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits F5. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K29282483 du 15 f\u00e9vrier 2021",
"url": "https://support.f5.com/csp/article/K29282483"
}
]
}
CERTFR-2017-AVI-463
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits F5 . Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste des produits vuln\u00e9rables (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-6168",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6168"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-463",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits F5 . Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K21905460 du 12 d\u00e9cembre 2017",
"url": "https://support.f5.com/csp/article/K21905460"
}
]
}
CERTFR-2016-AVI-330
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans les produits F5. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "Enterprise Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1470"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-330",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-10-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol16838 du 04 octobre 2016",
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16838.html"
}
]
}
CERTFR-2015-AVI-162
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits F5. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IQ | F5 BIG-IQ Security versions 4.5.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP WOM versions 10.2.4 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP Link Controller versions 10.2.4 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP PSM versions 10.2.4 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP LTM versions 11.6.0 et antérieures | ||
| F5 | BIG-IQ | F5 BIG-IQ Cloud versions 4.5.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP APM versions 10.2.4 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP WOM versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP WebAccelerator versions 11.3.0 et antérieures | ||
| F5 | N/A | F5 Traffix SDC versions 4.1.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP AAM versions 11.6.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP ASM versions 11.6.0 et antérieures | ||
| F5 | BIG-IQ | F5 BIG-IQ ADC versions 4.5.0 et antérieures | ||
| F5 | N/A | F5 Entreprise Manager versions 2.3.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP ASM versions 10.2.4 et antérieures | ||
| F5 | N/A | F5 ARX versions 6.4.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP Link Controller versions 11.6.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP WebAccelerator versions 10.2.4 et antérieures | ||
| F5 | N/A | F5 Traffix SDC versions 3.5.1 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP Analytics versions 11.6.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP PEM versions 11.6.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP GTM versions 11.6.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP AFM versions 11.6.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP Edge Gateway versions 10.2.4 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP APM versions 11.6.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP GTM versions 10.2.4 et antérieures | ||
| F5 | BIG-IQ | F5 BIG-IQ Device versions 4.5.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP LTM versions 10.2.4 et antérieures | ||
| F5 | N/A | F5 Entreprise Manager versions 3.1.1 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP Edge Gateway versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | F5 BIG-IP PSM versions 11.4.1 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F5 BIG-IQ Security versions 4.5.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WOM versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Link Controller versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP PSM versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP LTM versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IQ Cloud versions 4.5.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP APM versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WOM versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WebAccelerator versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Traffix SDC versions 4.1.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP AAM versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP ASM versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IQ ADC versions 4.5.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Entreprise Manager versions 2.3.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP ASM versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 ARX versions 6.4.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Link Controller versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WebAccelerator versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Traffix SDC versions 3.5.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Analytics versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP PEM versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP GTM versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP AFM versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Edge Gateway versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP APM versions 11.6.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP GTM versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IQ Device versions 4.5.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP LTM versions 10.2.4 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Entreprise Manager versions 3.1.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Edge Gateway versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP PSM versions 11.4.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
},
{
"name": "CVE-2014-9297",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9297"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-162",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol16392 du 09 avril 2015",
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16392.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol16344 du 09 avril 2015",
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16344.html"
}
]
}
CERTFR-2014-AVI-499
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits F5. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IQ | F5 BIG-IQ Cloud versions antérieures à 4.4.0 | ||
| F5 | N/A | F5 Enterprise Manager versions 2.3.0 et antérieures | ||
| F5 | N/A | F5 Enterprise Manager versions 3.1.1 et antérieures | ||
| F5 | BIG-IQ | F5 BIG-IQ Device versions antérieures à 4.4.0 | ||
| F5 | BIG-IQ | F5 BIG-IQ Security versions antérieures à 4.4.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F5 BIG-IQ Cloud versions ant\u00e9rieures \u00e0 4.4.0",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Enterprise Manager versions 2.3.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Enterprise Manager versions 3.1.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IQ Device versions ant\u00e9rieures \u00e0 4.4.0",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IQ Security versions ant\u00e9rieures \u00e0 4.4.0",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-499",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15863 du 25 novembre 2014",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15863.html"
}
]
}
CERTFR-2014-AVI-395
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits F5. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IQ",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "FirePass",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "ARX",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "Enterprise Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-3505",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3505"
},
{
"name": "CVE-2014-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3511"
},
{
"name": "CVE-2014-3507",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3507"
},
{
"name": "CVE-2014-3506",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3506"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-395",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15573 du 09 septembre 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15564 du 05 septembre 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html"
}
]
}
CERTFR-2014-AVI-291
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans les produits F5. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP PSM (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP PEM (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IQ | BIG-IQ Device (coté client) versions 4.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP WebAccelerator (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP LTM (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP ASM (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP Edge Gateway (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IQ | BIG-IQ Security (coté client) versions 4.3.0 et antérieures | ||
| F5 | N/A | Enterprise Manager (coté client) versions 3.1.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP Analytics (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP APM (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP Link Controller (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP PEM (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP PSM (coté client) versions 11.4.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP AFM (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IQ | BIG-IQ Cloud (coté client) versions 4.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP WOM (coté client) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP ASM (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP AFM (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP Link Controller (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP Analytics (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP WOM (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP AAM (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP LTM (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP APM (coté serveur) versions 11.3.0 et antérieures | ||
| F5 | BIG-IP | BIG-IP GTM (coté client) versions 11.5.1 et antérieures | ||
| F5 | BIG-IP | BIG-IP GTM (coté serveur) versions 11.3.0 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP PSM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP PEM (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Device (cot\u00e9 client) versions 4.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP WebAccelerator (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP LTM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP ASM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Edge Gateway (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Security (cot\u00e9 client) versions 4.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "Enterprise Manager (cot\u00e9 client) versions 3.1.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Analytics (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Link Controller (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP PEM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP PSM (cot\u00e9 client) versions 11.4.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP AFM (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Cloud (cot\u00e9 client) versions 4.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP WOM (cot\u00e9 client) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP ASM (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP AFM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Link Controller (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Analytics (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP WOM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP AAM (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP LTM (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP GTM (cot\u00e9 client) versions 11.5.1 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP GTM (cot\u00e9 serveur) versions 11.3.0 et ant\u00e9rieures",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-291",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15356 du 20 juin 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
}
]
}
CERTFR-2014-AVI-200
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits F5. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | F5 BIG-IP GTM versions 10.0.0 à 10.2.4 | ||
| F5 | BIG-IP | F5 BIG-IP PSM versions 10.0.0 à 10.2.4 | ||
| F5 | BIG-IP | F5 BIG-IP GTM versions 11.0.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP PEM versions 11.3.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP WOM versions 10.0.0 à 10.2.4 | ||
| F5 | N/A | F5 Enterprise Manager versions 2.1.0 à 2.3.0 | ||
| F5 | BIG-IP | F5 BIG-IP APM versions 11.0.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP APM versions 10.1.0 à 10.2.4 | ||
| F5 | BIG-IP | F5 BIG-IP LTM versions 11.0.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP LTM versions 10.0.0 à 10.2.4 | ||
| F5 | BIG-IP | F5 BIG-IP ASM versions 10.0.0 à 10.2.4 | ||
| F5 | BIG-IP | F5 BIG-IP WOM versions 11.0.0 à 11.3.0 | ||
| F5 | BIG-IP | F5 BIG-IP Edge Gateway versions 10.1.0 à 10.2.4 | ||
| F5 | BIG-IP | F5 BIG-IP AAM versions 11.4.0 à 11.5.1 | ||
| F5 | N/A | F5 Enterprise Manager versions 3.0.0 à 3.1.1 | ||
| F5 | BIG-IP | F5 BIG-IP WebAccelerator versions 11.0.0 à 11.3.1 | ||
| F5 | BIG-IP | F5 BIG-IP Link Controller versions 11.0.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP ASM versions 11.0.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP WebAccelerator versions 10.0.0 à 10.2.4 | ||
| F5 | N/A | F5 ARX versions 6.0.0 à 6.4.0 | ||
| F5 | BIG-IP | F5 BIG-IP Edge Gateway versions 11.0.0 à 11.3.0 | ||
| F5 | BIG-IP | F5 BIG-IP Analytics versions 11.0.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP PSM versions 11.0.0 à 11.4.1 | ||
| F5 | BIG-IP | F5 BIG-IP AFM versions 11.3.0 à 11.5.1 | ||
| F5 | BIG-IP | F5 BIG-IP Link Controller versions 10.0.0 à 10.2.4 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F5 BIG-IP GTM versions 10.0.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP PSM versions 10.0.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP GTM versions 11.0.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP PEM versions 11.3.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WOM versions 10.0.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Enterprise Manager versions 2.1.0 \u00e0 2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP APM versions 11.0.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP APM versions 10.1.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP LTM versions 11.0.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP LTM versions 10.0.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP ASM versions 10.0.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WOM versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Edge Gateway versions 10.1.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP AAM versions 11.4.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Enterprise Manager versions 3.0.0 \u00e0 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WebAccelerator versions 11.0.0 \u00e0 11.3.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Link Controller versions 11.0.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP ASM versions 11.0.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP WebAccelerator versions 10.0.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 ARX versions 6.0.0 \u00e0 6.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Edge Gateway versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Analytics versions 11.0.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP PSM versions 11.0.0 \u00e0 11.4.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP AFM versions 11.3.0 \u00e0 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP Link Controller versions 10.0.0 \u00e0 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0050"
},
{
"name": "CVE-2013-4353",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4353"
},
{
"name": "CVE-2013-6450",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6450"
},
{
"name": "CVE-2010-3762",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3762"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-200",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15180 du 17 avril 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15180.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15189 du 18 avril 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15158 du 17 avril 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15158.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol15172 du 17 avril 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15172.html"
}
]
}
CERTFR-2014-AVI-191
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans les produits F5. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | N/A | F5 FirePass version 7.0.0 | ||
| F5 | BIG-IQ | F5 BIG-IQ de la version 4.0.0 à la version 4.3.0 | ||
| F5 | BIG-IP | F5 BIG-IP de la version 10.0.0 à la version 10.2.4 | ||
| F5 | N/A | F5 Enterprise Manager de la version 3.0.0 à la version 3.1.1 | ||
| F5 | BIG-IP | F5 BIG-IP de la version 11.0.0 à la version 11.5.1 | ||
| F5 | N/A | F5 Enterprise Manager de la version 2.1.0 à la version 2.3.0 | ||
| F5 | N/A | F5 FirePass version 6.1.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F5 FirePass version 7.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IQ de la version 4.0.0 \u00e0 la version 4.3.0",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP de la version 10.0.0 \u00e0 la version 10.2.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Enterprise Manager de la version 3.0.0 \u00e0 la version 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 BIG-IP de la version 11.0.0 \u00e0 la version 11.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 Enterprise Manager de la version 2.1.0 \u00e0 la version 2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 FirePass version 6.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-4113",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4113"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-191",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2014-04-17T00:00:00.000000"
},
{
"description": "correction apport\u00e9e \u00e0 la r\u00e9f\u00e9rence CVE.",
"revision_date": "2014-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15169 du 14 avril 2014",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15169.html"
}
]
}
CERTA-2013-AVI-611
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans F5-ARX. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "5.0.0 \u00e0 5.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "6.0.0 \u00e0 6.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2249"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol14734 du 29 octobre 2013",
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14734.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol14733 du 29 octobre 2013",
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14733.html"
}
],
"reference": "CERTA-2013-AVI-611",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eF5-ARX\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans F5-ARX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol14733 et sol14734 du 29 octobre 2013",
"url": null
}
]
}
CERTA-2013-AVI-285
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans F5 Bind. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | N/A | BIG-IP PSM versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP LTM versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | Enterprise Manager versions 3.0.0 à 3.1.0 | ||
| F5 | N/A | BIG-IP Analytics versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP WebAccelerator versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP PEM version 11.3.0 | ||
| F5 | N/A | BIG-IP ASM versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP Edge Gateway versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP APM versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP AFM version 11.3.0 | ||
| F5 | N/A | BIG-IP GTM versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP WOM versions 11.0.0 à 11.3.0 | ||
| F5 | N/A | BIG-IP Link Controller versions 11.0.0 à 11.3.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP PSM versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP LTM versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "Enterprise Manager versions 3.0.0 \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Analytics versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP WebAccelerator versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP PEM version 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP ASM versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Edge Gateway versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP AFM version 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP GTM versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP WOM versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Link Controller versions 11.0.0 \u00e0 11.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-2266",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2266"
}
],
"links": [],
"reference": "CERTA-2013-AVI-285",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eF5\nBind\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol14386 du 01 mai 2013",
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14386.html?sr=29159689"
}
]
}
CERTA-2012-AVI-600
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans F5 FirePass. Elle permet à un attaquant d'injecter du code SQL dans le contrôleur de F5 FirePass, ce qui provoque une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F5 FirePass version 7.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 FirePass de la version 6.0.0 \u00e0 la version 6.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol13656 du 11 juin 2012 :",
"url": "http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13656.html"
}
],
"reference": "CERTA-2012-AVI-600",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eF5\nFirePass\u003c/span\u003e. Elle permet \u00e0 un attaquant d\u0027injecter du code SQL dans\nle contr\u00f4leur de \u003cspan class=\"textit\"\u003eF5 FirePass\u003c/span\u003e, ce qui\nprovoque une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 FirePass",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 du 11 juin 2012",
"url": null
}
]
}
CERTA-2012-AVI-195
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans le produit F5 FirePass. Cette vulnérabilité est de type « injection SQL » et est accessible à distance sans authentification. Il est à noter que la base MySQL est exécutée avec les droits root et que les accès FILE sont activés.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "F5 FirePass version 6.0.0 \u00e0 6.1.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 FirePass 7.0.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1777"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 de F5 sol13463 du 14 mars 2012 :",
"url": "http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html"
}
],
"reference": "CERTA-2012-AVI-195",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-04-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le produit \u003cspan class=\"textit\"\u003eF5\nFirePass\u003c/span\u003e. Cette vuln\u00e9rabilit\u00e9 est de type \u00ab injection SQL \u00bb et\nest accessible \u00e0 distance sans authentification. Il est \u00e0 noter que la\nbase \u003cspan class=\"textit\"\u003eMySQL\u003c/span\u003e est ex\u00e9cut\u00e9e avec les droits\n\u003cspan class=\"textit\"\u003eroot\u003c/span\u003e et que les acc\u00e8s \u003cspan\nclass=\"textit\"\u003eFILE\u003c/span\u003e sont activ\u00e9s.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 FirePass",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 sol13463 du 14 mars 2012",
"url": null
}
]
}
CERTA-2010-AVI-322
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités dans F5 FirePass permettent de contourner la politique de sécurité ou d'effectuer une injection de code indirecte.
Description
Deux vulnérabilités ont été découvertes dans F5 FirePass :
- une vulnérabilité de type injection de code indirecte est présente dans la page de pré-authentification ;
- une erreur dans la gestion de la séquence d'authentification permet à une personne malintentionnée de contourner la phase de vérification de conformité de la machine avant l'accès à la page d'authentification.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FirePass version 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "FirePass version 6.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 FirePass :\n\n- une vuln\u00e9rabilit\u00e9 de type injection de code indirecte est pr\u00e9sente\n dans la page de pr\u00e9-authentification ;\n- une erreur dans la gestion de la s\u00e9quence d\u0027authentification permet\n \u00e0 une personne malintentionn\u00e9e de contourner la phase de\n v\u00e9rification de conformit\u00e9 de la machine avant l\u0027acc\u00e8s \u00e0 la page\n d\u0027authentification.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 SOL11797 du 07 jullet 2010 :",
"url": "http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11797.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 SOL11795 du 07 jullet 2010 :",
"url": "http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11795.html"
}
],
"reference": "CERTA-2010-AVI-322",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans F5 FirePass permettent de contourner la\npolitique de s\u00e9curit\u00e9 ou d\u0027effectuer une injection de code indirecte.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans F5 FirePass",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 F5 SOL11795 et SOL11797 du 07 juillet 2010",
"url": null
}
]
}