Refine your search
5 vulnerabilities found for NGINX Ingress Controller by F5
CERTFR-2024-AVI-0952
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits F5. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions antérieures à 3.7.1 | ||
| F5 | NGINX Plus | NGINX Plus toutes versions | ||
| F5 | NGINX API Connectivity Manager | NGINX API Connectivity Manager versions 1.x postérieures à 1.3.0 et antérieures à 1.9.3 | ||
| F5 | NGINX Instance Manager | NGINX Instance Manager versions 2.x postérieures à 2.5.0 et antérieures à 2.17.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX Ingress Controller versions ant\u00e9rieures \u00e0 3.7.1",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus toutes versions",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX API Connectivity Manager versions 1.x post\u00e9rieures \u00e0 1.3.0 et ant\u00e9rieures \u00e0 1.9.3",
"product": {
"name": "NGINX API Connectivity Manager",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Instance Manager versions 2.x post\u00e9rieures \u00e0 2.5.0 et ant\u00e9rieures \u00e0 2.17.4",
"product": {
"name": "NGINX Instance Manager",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-10318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10318"
}
],
"initial_release_date": "2024-11-08T00:00:00",
"last_revision_date": "2024-11-08T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0952",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits F5. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits F5",
"vendor_advisories": [
{
"published_at": "2024-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000148232",
"url": "https://my.f5.com/manage/s/article/K000148232"
}
]
}
CERTFR-2023-AVI-0837
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX | NGINX OSS versions 1.9.5 à 1.25.2 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 16.1.x antérieures à 16.1.4.1 avec le correctif de sécurité Hotfix-BIGIP-16.1.4.1.0.13.5-ENG | ||
| F5 | BIG-IQ | BIG-IQ Centralized Management versions 8.0.0 à 8.3.0 antérieures à 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.5.0 à 1.8.2 | ||
| F5 | BIG-IP | BIG-IP (APM) versions 16.1.0 à 16.1.3 antérieures à 16.1.4 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 3.0.0 à 3.3.0 | ||
| F5 | BIG-IP | BIG-IP (Advanced WAF/ASM) versions 16.1.x antérieures à 16.1.4 | ||
| F5 | NGINX Plus | NGINX Plus verions R25 à R30 antérieures à R30 P1 | ||
| F5 | BIG-IP | BIG-IP (DNS, LTM avec le license DNS Services activée) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 2.0.0 à 2.4.2 | ||
| F5 | BIG-IP | BIG-IP (DNS, LTM avec le license DNS Services activée) versions 16.1.x antérieures à 16.1.4 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 1.12.2 à 1.12.5 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.1.0 à 1.1.1 | ||
| F5 | NGINX | NGINX App Protect WAF versions 3.3.0 à 3.12.2 et 4.x antérieures à 4.2.0 | ||
| F5 | BIG-IP | BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9 | ||
| F5 | N/A | APM Clients versions 7.2.3.x, 7.2.4.x antérieures à 7.2.4.5 | ||
| F5 | BIG-IP Next | BIG-IP Next (tous modules) version 20.0.1 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.10.2 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 17.1.x antérieures à 17.1.0.3 avec le correctif de sécurité Hotfix-BIGIP-17.1.0.3.0.23.4-ENG | ||
| F5 | BIG-IP | BIG-IP (APM) versions 14.1.x, 15.1.x antérieures à 15.1.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX OSS versions 1.9.5 \u00e0 1.25.2",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.1 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-16.1.4.1.0.13.5-ENG",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Centralized Management versions 8.0.0 \u00e0 8.3.0 ant\u00e9rieures \u00e0 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.5.0 \u00e0 1.8.2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 16.1.0 \u00e0 16.1.3 ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 3.0.0 \u00e0 3.3.0",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (Advanced WAF/ASM) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus verions R25 \u00e0 R30 ant\u00e9rieures \u00e0 R30 P1",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 2.0.0 \u00e0 2.4.2",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 1.12.2 \u00e0 1.12.5",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.1.0 \u00e0 1.1.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions 3.3.0 \u00e0 3.12.2 et 4.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "APM Clients versions 7.2.3.x, 7.2.4.x ant\u00e9rieures \u00e0 7.2.4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next (tous modules) version 20.0.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.10.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.0.3 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-17.1.0.3.0.23.4-ENG",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40542",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40542"
},
{
"name": "CVE-2023-5450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5450"
},
{
"name": "CVE-2023-41373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41373"
},
{
"name": "CVE-2023-43746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43746"
},
{
"name": "CVE-2023-40537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40537"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-41085",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41085"
},
{
"name": "CVE-2023-41253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41253"
},
{
"name": "CVE-2023-42768",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42768"
},
{
"name": "CVE-2023-43611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43611"
},
{
"name": "CVE-2023-45226",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45226"
},
{
"name": "CVE-2023-45219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45219"
},
{
"name": "CVE-2023-41964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41964"
},
{
"name": "CVE-2023-39447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39447"
},
{
"name": "CVE-2023-40534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40534"
},
{
"name": "CVE-2023-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43485"
}
],
"initial_release_date": "2023-10-12T00:00:00",
"last_revision_date": "2023-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0837",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000137053 du 10 octobre 2023",
"url": "https://my.f5.com/manage/s/article/K000137053"
}
]
}
CERTFR-2022-AVI-937
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP (all modules) versions 14.1.x antérieures à 14.1.5.2 | ||
| F5 | NGINX Plus | NGINX Plus R26 P1 ou R27 P1 | ||
| F5 | BIG-IP | BIG-IP (all modules) versions 17.0.x antérieures à 17.0.0.1 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller toutes versions | ||
| F5 | BIG-IP | BIG-IP (all modules) versions 16.1.x antérieures à 16.1.3.2 | ||
| F5 | NGINX | NGINX App Protect WAF versions antérieures à 3.12 | ||
| F5 | BIG-IP | BIG-IP (all modules) versions 15.1.x antérieures à 15.1.7 | ||
| F5 | NGINX | NGINX Open Source versions 1.22.x antérieures à 1.22.1 | ||
| F5 | BIG-IP | BIG-IP (all modules) versions 13.1.x antérieures à 13.1.5.1 | ||
| F5 | NGINX | NGINX Open Source versions 1.23.x antérieures à 1.23.2 | ||
| F5 | NGINX | NGINX Open Source Subscription R1 P1 ou R2 P1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP (all modules) versions 14.1.x ant\u00e9rieures \u00e0 14.1.5.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus R26 P1 ou R27 P1",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (all modules) versions 17.0.x ant\u00e9rieures \u00e0 17.0.0.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller toutes versions",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (all modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.3.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions ant\u00e9rieures \u00e0 3.12",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (all modules) versions 15.1.x ant\u00e9rieures \u00e0 15.1.7",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 1.22.x ant\u00e9rieures \u00e0 1.22.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (all modules) versions 13.1.x ant\u00e9rieures \u00e0 13.1.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 1.23.x ant\u00e9rieures \u00e0 1.23.2",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source Subscription R1 P1 ou R2 P1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-36795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36795"
},
{
"name": "CVE-2022-41770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41770"
},
{
"name": "CVE-2022-41787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41787"
},
{
"name": "CVE-2022-41691",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41691"
},
{
"name": "CVE-2022-41813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41813"
},
{
"name": "CVE-2022-41694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41694"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2022-41836",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41836"
},
{
"name": "CVE-2022-41624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41624"
},
{
"name": "CVE-2022-41833",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41833"
},
{
"name": "CVE-2022-41806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41806"
},
{
"name": "CVE-2022-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41617"
},
{
"name": "CVE-2022-41832",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41832"
},
{
"name": "CVE-2022-41983",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41983"
},
{
"name": "CVE-2022-41743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41743"
}
],
"initial_release_date": "2022-10-20T00:00:00",
"last_revision_date": "2022-10-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K11830089 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K11830089"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K02694732 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K02694732"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K30425568 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K30425568"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K28112382 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K28112382"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K70569537 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K70569537"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K01112063 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K01112063"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K81926432 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K81926432"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K27155546 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K27155546"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K10347453 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K10347453"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K49237345 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K49237345"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K22505850 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K22505850"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K24823443 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K24823443"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K47204506 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K47204506"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K31523465 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K31523465"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K52494562 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K52494562"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K43024307 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K43024307"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K93723284 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K93723284"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K00721320 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K00721320"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 F5 K04712583 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K04712583"
}
],
"reference": "CERTFR-2022-AVI-937",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K76934290 du 19 octobre 2022",
"url": "https://support.f5.com/csp/article/K76934290"
}
]
}
CERTFR-2022-AVI-704
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP (tous modules) versions 16.x antérieures à 16.1.3.1 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 17.x antérieures à 17.0.0.1 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 15.x antérieures à 15.1.6.1 | ||
| F5 | NGINX Instance Manager | NGINX Instance Manager versions 2.x antérieures à 2.3.1 | ||
| F5 | BIG-IQ | BIG-IQ Centralized Management versions 8.x antérieures à 8.2.0 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 2.x antérieures à 2.3.0 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 14.x antérieures à 14.1.5.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP (tous modules) versions 16.x ant\u00e9rieures \u00e0 16.1.3.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 17.x ant\u00e9rieures \u00e0 17.0.0.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 15.x ant\u00e9rieures \u00e0 15.1.6.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Instance Manager versions 2.x ant\u00e9rieures \u00e0 2.3.1",
"product": {
"name": "NGINX Instance Manager",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Centralized Management versions 8.x ant\u00e9rieures \u00e0 8.2.0",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 2.x ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 14.x ant\u00e9rieures \u00e0 14.1.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31473"
},
{
"name": "CVE-2022-35240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35240"
},
{
"name": "CVE-2022-33203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33203"
},
{
"name": "CVE-2022-30535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30535"
},
{
"name": "CVE-2022-35241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35241"
},
{
"name": "CVE-2022-35243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35243"
},
{
"name": "CVE-2022-34865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34865"
},
{
"name": "CVE-2022-35236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35236"
},
{
"name": "CVE-2022-34862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34862"
},
{
"name": "CVE-2022-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35728"
},
{
"name": "CVE-2022-34651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34651"
},
{
"name": "CVE-2022-35272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35272"
},
{
"name": "CVE-2022-34655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34655"
},
{
"name": "CVE-2022-32455",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32455"
},
{
"name": "CVE-2022-35245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35245"
},
{
"name": "CVE-2022-33947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33947"
},
{
"name": "CVE-2022-35735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35735"
},
{
"name": "CVE-2022-34844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34844"
},
{
"name": "CVE-2022-33968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33968"
},
{
"name": "CVE-2022-34851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34851"
},
{
"name": "CVE-2022-33962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33962"
}
],
"initial_release_date": "2022-08-04T00:00:00",
"last_revision_date": "2022-08-04T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-704",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K14649763 du 03 ao\u00fbt 2022",
"url": "https://support.f5.com/csp/article/K14649763"
}
]
}
CERTFR-2021-AVI-871
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans F5 NGINX Ingress Controller. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 1.x antérieures à 1.12.2 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 2.x antérieures à 2.0.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX Ingress Controller versions 1.x ant\u00e9rieures \u00e0 1.12.2",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 2.x ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23055"
}
],
"initial_release_date": "2021-11-12T00:00:00",
"last_revision_date": "2021-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-871",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans F5 NGINX Ingress Controller.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans F5 NGINX Ingress Controller",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K01051452 du 11 novembre 2021",
"url": "https://support.f5.com/csp/article/K01051452"
}
]
}