Vulnerabilities > CVE-2023-45226 - Unspecified vulnerability in F5 Big-Ip Next Service Proxy for Kubernetes 1.5.0

CVSS 7.4 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

NVD

Published: 2023-10-10

Updated: 2024-11-21

Summary

The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Next Service Proxy FOR Kubernetes 1.5.0	1

References

https://my.f5.com/manage/s/article/K000135874
https://my.f5.com/manage/s/article/K000135874