CVSS: 6.6EPSS: 0%CPEs: 79EXPL: 0CVE-2023-3470 – BIG-IP FIPS HSM password vulnerability CVE-2023-3470
https://notcve.org/view.php?id=CVE-2023-3470
02 Aug 2023 — Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP ha... • https://my.f5.com/manage/s/article/K000135449 • CWE-287: Improper Authentication CWE-1391: Use of Weak Credentials •
CVSS: 8.8EPSS: 84%CPEs: 114EXPL: 4CVE-2012-1493 – F5 BIG-IP - Authentication Bypass (PoC)
https://notcve.org/view.php?id=CVE-2012-1493
09 Jul 2012 — F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. El dispositivo F5 BIG-IP v9.x anteriores a v9.4.8-HF5, v10.x anteriores a v10.... • https://www.exploit-db.com/exploits/19064 • CWE-255: Credentials Management Errors •