VDB
CVE-2023-45226
CVE-2023-45226
PUBLISHED
CVSS 7.400000095367432 HIGH
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
EPSS 0.57% · 69.1th percentile
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.57%
69.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| f5 | big-ip_next_service_proxy_for_kubernetes | 1.5.0 |
| F5 | BIG-IP Next SPK | 1.5.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-45226 (circl-sighting)
- https://my.f5.com/manage/s/article/K000135874 (circl)
Timeline
- Oct 10, 2023 CVE Published
- Oct 10, 2023 PoC Published
- Oct 11, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
- Jan 13, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
- Mar 16, 2024 EPSS Score
- Apr 17, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 19, 2024 EPSS Score
- Jul 20, 2024 EPSS Score