In BIG-IP Versions 17.0.x before 22.214.171.124, 16.1.x before 126.96.36.199, 15.1.x before 188.8.131.52, 14.1.x before 184.108.40.206, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE-125 - Out-of-Bounds Read
Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.