Abramov Nikita

**Name of the Vulnerable Software and Affected Versions** BIG-IP versions 11.6.1 through 11.6.5.2 BIG-IP versions 12.1.0 through 12.1.5.2 BIG-IP versions 13.1.0 through 13.1.3.5 BIG-IP versions 14.1.0 through 14.1.3 BIG-IP versions 15.1.0 through 15.1.0.5 **Description** When a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts. **Recommendations** For versions 11.6.1 through 11.6.5.2, update to a version outside of this range to resolve the issue. For versions 12.1.0 through 12.1.5.2, update to a version outside of this range to resolve the issue. For versions 13.1.0 through 13.1.3.5, update to a version outside of this range to resolve the issue. For versions 14.1.0 through 14.1.3, update to a version outside of this range to resolve the issue. For versions 15.1.0 through 15.1.0.5, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Integrated Management Controller (IMC) (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) that could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. These vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system, potentially leading to an exploitable buffer overflow condition. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicOS versions 6.0.5.3 and earlier SonicOS versions 6.5.1.11-4n and earlier SonicOS versions 6.5.4.7-79n and earlier SonicOSv versions 6.5.4.4-44v-21-794 and earlier SonicOS version 7.0.0.0-1 **Description** A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. The vulnerability is related to a lack of size checking for copied data. This issue can be exploited without logging in. **Recommendations** For SonicOS version 6.0.5.3 and earlier, update to a version that includes the fix for this issue. For SonicOS version 6.5.1.11-4n and earlier, update to a version that includes the fix for this issue. For SonicOS version 6.5.4.7-79n and earlier, update to a version that includes the fix for this issue. For SonicOSv version 6.5.4.4-44v-21-794 and earlier, update to a version that includes the fix for this issue. For SonicOS version 7.0.0.0-1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable SonicOS versions until a patch is available.