CVE-2023-45226
CVE-2023-45226 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. The issue is exposed only when SSH debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. The issue is exposed only when SSH debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Next Service Proxy for Kubernetes | 1.5.0 |
References
- https://my.f5.com/manage/s/article/K000135874 (Vendor Advisory)
Source: NVD / NIST
