In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1038569 | |
https://support.f5.com/csp/article/K61757346 | Permissions Required Vendor Advisory |
http://www.securitytracker.com/id/1038569 | |
https://support.f5.com/csp/article/K61757346 | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
History
21 Nov 2024, 03:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securitytracker.com/id/1038569 - | |
References | () https://support.f5.com/csp/article/K61757346 - Permissions Required, Vendor Advisory |
Information
Published : 2017-05-23 15:29
Updated : 2024-11-21 03:29
NVD link : CVE-2017-6131
Mitre link : CVE-2017-6131
CVE.ORG link : CVE-2017-6131
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_websafe
- big-ip_domain_name_system
- big-ip_link_controller
- big-ip_local_traffic_manager
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_policy_enforcement_manager
CWE
CWE-798
Use of Hard-coded Credentials