Known Vulnerabilities for products from F5
Listed below are 20 of the newest known vulnerabilities associated with the vendor "F5".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by F5 can be found at device.report : F5
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-27784 | The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an at... | Not Provided | 2026-03-24 | 2026-03-30 |
| CVE-2026-27651 | When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause work... | Not Provided | 2026-03-24 | 2026-03-30 |
| CVE-2025-53521 | When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Executi... | Not Provided | 2025-10-15 | 2026-03-31 |
| CVE-2023-46748 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated at... | 8.8 - HIGH | 2023-10-26 | 2024-02-01 |
| CVE-2023-46747 | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-... | 9.8 - CRITICAL | 2023-10-26 | 2024-02-01 |
| CVE-2023-45226 | The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials ... | 7.4 - HIGH | 2023-10-10 | 2023-10-18 |
| CVE-2023-45219 | Exposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an ... | 4.4 - MEDIUM | 2023-10-10 | 2023-10-18 |
| CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many stre... | 7.5 - HIGH | 2023-10-10 | 2024-02-02 |
| CVE-2023-43746 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode r... | 8.7 - HIGH | 2023-10-10 | 2023-11-02 |
| CVE-2023-43611 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation pr... | 7.8 - HIGH | 2023-10-10 | 2023-10-18 |
| CVE-2023-43485 | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log... | 5.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-43125 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Techni... | 8.2 - HIGH | 2023-09-27 | 2023-10-02 |
| CVE-2023-43124 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Techn... | 7.1 - HIGH | 2023-09-27 | 2023-09-29 |
| CVE-2023-42768 | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is ... | 7.2 - HIGH | 2023-10-10 | 2023-10-17 |
| CVE-2023-41964 | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Softwar... | 6.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-41373 | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to e... | 9.9 - CRITICAL | 2023-10-10 | 2023-10-17 |
| CVE-2023-41253 | When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in ... | 5.5 - MEDIUM | 2023-10-10 | 2023-10-17 |
| CVE-2023-41085 | When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions whi... | 7.5 - HIGH | 2023-10-10 | 2023-10-17 |
| CVE-2023-40542 | When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause ... | 7.5 - HIGH | 2023-10-10 | 2023-10-17 |
| CVE-2023-40537 | An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration u... | 8.1 - HIGH | 2023-10-10 | 2023-10-19 |
Known software with vulnerabilities from F5
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | F5 | 3 Dns | - |
| Application | F5 | Access Policy Manager Clients | 7.1.5 |
| Hardware | F5 | Arx | - |
| Application | F5 | Arx | 6.0.0 |
| Application | F5 | Arx Data Manager | 3.0.0 |
| Operating System | F5 | Arx Firmware | 6.0.0 |
| Hardware | F5 | Big-ip | - |
| Application | F5 | Big-ip | - |
| Hardware | F5 | Big-ip 1000 | - |
| Hardware | F5 | Big-ip 11050 | - |
| Hardware | F5 | Big-ip 1500 | - |
| Hardware | F5 | Big-ip 1600 | - |
| Hardware | F5 | Big-ip 2000 | c112 |
| Hardware | F5 | Big-ip 2000s | - |
| Hardware | F5 | Big-ip 2200s | - |
| Hardware | F5 | Big-ip 2400 | - |
| Hardware | F5 | Big-ip 3400 | - |
| Hardware | F5 | Big-ip 3410 | - |
| Hardware | F5 | Big-ip 3600 | - |
| Hardware | F5 | Big-ip 3900 | - |