CVE-2023-45226
low-risk
Published 2023-10-10
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when SSH debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Do I need to act?
0.57% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.4/10
High
NETWORK / HIGH complexity
Affected Products (1)
Affected Vendors
References (2)
Vendor Advisory
https://my.f5.com/manage/s/article/K000135874
Vendor Advisory
https://my.f5.com/manage/s/article/K000135874
29 / 100
low-risk
Severity
22/34 · High
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal