← Back

CVE-2023-45226

nvd nist
Published: Oct 10, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 / Impact: 5.2
Source: NVD

Description

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected (1)

F5
1 product
Big Ip Next Service Proxy For Kubernetes
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Big Ip Next Service Proxy For Kubernetes
Version 1.5.0

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.