CVE-2023-45226
HIGHF5 BIG-IP Next Service Proxy for Kubernetes - Use of Hard-coded Credentials in TMM Debug Containers
Title source: llmDescription
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://my.f5.com/manage/s/article/K000135874
Scores
CVSS v3
7.4
EPSS
0.0057
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (1)
f5/big-ip_next_service_proxy_for_kubernetes
1.5.0
Published
Oct 10, 2023
Tracked Since
Feb 18, 2026