Vulnerabilities > CVE-2012-1493 - Credentials Management vulnerability in F5 products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-255

nessus

exploit available

metasploit

NVD

Published: 2012-07-09

Updated: 2012-07-10

Summary

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Application Security Manager 9.2.0 F5 BIG IP Application Security Manager 9.4.4 F5 BIG IP Application Security Manager 9.4.5 F5 BIG IP Application Security Manager 9.4.6 F5 BIG IP Application Security Manager 9.4.7 F5 BIG IP Application Security Manager 9.4.8 F5 BIG IP Application Security Manager 10.0.0 F5 BIG IP Application Security Manager 10.0.1 F5 BIG IP Application Security Manager 10.2.3 F5 BIG IP Application Security Manager 11.0.0 F5 BIG IP Application Security Manager 11.1.0 F5 BIG IP Global Traffic Manager * F5 BIG IP Global Traffic Manager 9.2.2 F5 BIG IP Global Traffic Manager 9.4.8 F5 BIG IP Global Traffic Manager 10.0.0 F5 BIG IP Global Traffic Manager 10.2.3 F5 BIG IP Global Traffic Manager 11.0.0 F5 BIG IP Global Traffic Manager 11.1.0 F5 BIG IP Local Traffic Manager * F5 BIG IP Local Traffic Manager 9.0.0 F5 BIG IP Local Traffic Manager 9.4.8 F5 BIG IP Local Traffic Manager 10.0.0 F5 BIG IP Local Traffic Manager 10.2.3 F5 BIG IP Local Traffic Manager 11.0.0 F5 BIG IP Local Traffic Manager 11.1.0 F5 Enterprise Manager * F5 Enterprise Manager 1.0 F5 Enterprise Manager 2.0 F5 Enterprise Manager 2.1.0 F5 Enterprise Manager 2.2.0 F5 Enterprise Manager 2.3.0	40
OS	F5 F5 Tmos * F5 Tmos 2.0 F5 Tmos 4.0 F5 Tmos 4.2 F5 Tmos 4.3 F5 Tmos 4.4 F5 Tmos 4.5 F5 Tmos 4.5.6 F5 Tmos 4.5.9 F5 Tmos 4.5.10 F5 Tmos 4.5.11 F5 Tmos 4.5.12 F5 Tmos 4.6 F5 Tmos 4.6.2 F5 Tmos 9.0 F5 Tmos 9.0.1 F5 Tmos 9.0.2 F5 Tmos 9.0.3 F5 Tmos 9.0.4 F5 Tmos 9.0.5 F5 Tmos 9.1 F5 Tmos 9.1.1 F5 Tmos 9.1.2 F5 Tmos 9.1.3 F5 Tmos 9.2 F5 Tmos 9.2.2 F5 Tmos 9.2.3 F5 Tmos 9.2.4 F5 Tmos 9.2.5 F5 Tmos 9.3 F5 Tmos 9.3.1 F5 Tmos 9.4 F5 Tmos 9.4.1 F5 Tmos 9.4.2 F5 Tmos 9.4.3 F5 Tmos 9.4.4 F5 Tmos 9.4.5 F5 Tmos 9.4.6 F5 Tmos 9.4.7 F5 Tmos 9.4.8 F5 Tmos 9.6.0 F5 Tmos 9.6.1 F5 Tmos 10.0.0 F5 Tmos 10.0.1 F5 Tmos 10.1.0 F5 Tmos 10.2.0	46
Hardware	F5 F5 BIG IP 1000 * F5 BIG IP 11000 * F5 BIG IP 11050 * F5 BIG IP 1500 * F5 BIG IP 1600 * F5 BIG IP 2400 * F5 BIG IP 3400 * F5 BIG IP 3410 * F5 BIG IP 3600 * F5 BIG IP 3900 * F5 BIG IP 4100 * F5 BIG IP 5100 * F5 BIG IP 5110 * F5 BIG IP 6400 * F5 BIG IP 6800 * F5 BIG IP 6900 * F5 BIG IP 8400 * F5 BIG IP 8800 * F5 BIG IP 8900 * F5 BIG IP 8950 * F5 Enterprise Manager * F5 Enterprise Manager 1.0 F5 Enterprise Manager 2.0 F5 Enterprise Manager 2.1.0 F5 Enterprise Manager 2.2.0 F5 Enterprise Manager 2.3.0	28

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	F5 BIG-IP SSH Private Key Exposure. CVE-2012-1493. Remote exploit for hardware platform
id	EDB-ID:19099
last seen	2016-02-02
modified	2012-06-13
published	2012-06-13
reporter	metasploit
source	https://www.exploit-db.com/download/19099/
title	F5 BIG-IP - SSH Private Key Exposure

description	F5 BIG-IP Remote Root Authentication Bypass Vulnerability. CVE-2012-1493. Dos exploit for hardware platform
id	EDB-ID:19064
last seen	2016-02-02
modified	2012-06-11
published	2012-06-11
reporter	Florent Daigniere
source	https://www.exploit-db.com/download/19064/
title	F5 BIG-IP Remote Root Authentication Bypass Vulnerability

description	F5 BIG-IP Remote Root Authentication Bypass Vulnerability. CVE-2012-1493. Remote exploit for hardware platform
id	EDB-ID:19091
last seen	2016-02-02
modified	2012-06-12
published	2012-06-12
reporter	David Kennedy (ReL1K)
source	https://www.exploit-db.com/download/19091/
title	F5 BIG-IP Remote Root Authentication Bypass Vulnerability

Metasploit

description	F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.
id	MSF:EXPLOIT/LINUX/SSH/F5_BIGIP_KNOWN_PRIVKEY
last seen	2020-06-10
modified	2020-02-18
published	2012-06-12
references	https://www.trustmatta.com/advisories/MATTA-2012-002.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1493 https://blog.rapid7.com/2012/06/25/press-f5-for-root-shell
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/ssh/f5_bigip_known_privkey.rb
title	F5 BIG-IP SSH Private Key Exposure

Nessus

NASL family	Gain a shell remotely
NASL id	SSH_STATIC_KEYS.NASL
description	The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key.
last seen	2020-06-01
modified	2020-06-02
plugin id	73920
published	2014-05-08
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73920
title	SSH Static Key Accepted

NASL family	Gain a shell remotely
NASL id	F5_ROOT_AUTH_BYPASS.NASL
description	The remote F5 device has an authentication bypass vulnerability. The SSH private key for the root user is publicly known. A remote, unauthenticated attacker could exploit this to login as root.
last seen	2020-06-01
modified	2020-06-02
plugin id	59477
published	2012-06-13
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59477
title	F5 Multiple Products Root Authentication Bypass

Packetstorm

data source	https://packetstormsecurity.com/files/download/113526/MATTA-2012-002.txt
id	PACKETSTORM:113526
last seen	2016-12-05
published	2012-06-12
reporter	Florent Daigniere
source	https://packetstormsecurity.com/files/113526/F5-BIG-IP-Remote-Root-Authentication-Bypass.html
title	F5 BIG-IP Remote Root Authentication Bypass

data source	https://packetstormsecurity.com/files/download/113577/f5_bigip_known_privkey.rb.txt
id	PACKETSTORM:113577
last seen	2016-12-05
published	2012-06-12
reporter	egypt
source	https://packetstormsecurity.com/files/113577/F5-BIG-IP-SSH-Private-Key-Exposure.html
title	F5 BIG-IP SSH Private Key Exposure

Saint

bid	53897
description	F5 BIG-IP SSH private key
osvdb	82780
title	ssh_bigip
type	remote

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:73034
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-73034
title	F5 BIG-IP Remote Root Authentication Bypass Vulnerability

bulletinFamily	exploit
description	No description provided by source.
id	SSV:60202
last seen	2017-11-19
modified	2012-06-11
published	2012-06-11
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-60202
title	F5 BIG-IP remote root authentication bypass Vulnerability(CVE-2012-1493)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

Nessus

Packetstorm

Saint

Seebug

References