CVE-2023-45226

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Published: Oct 10, 2023
Updated: Oct 11, 2023
CVE: CVE-2023-45226
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-798

Affected Software
References

Software	From	Fixed in
f5 / big-ip_next_service_proxy_for_kubernetes	1.5.0	1.5.0.x

https://my.f5.com/manage/s/article/K000135874

Vulnerability Database

289,598

CVE-2023-45226