Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BIG-IP Next SPK SSH vulnerability
Vulnerability Description
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
F5 BIG-IP 信任管理问题漏洞
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在信任管理问题漏洞,该漏洞源于 BIG-IP SPK TMM(流量管理模块)f5-debug-sidecar 和 f5-debug-sshd 容器包含硬编码凭据,可能允许能够拦截流量的攻击者模拟这些容器上的 SPK Secure Shell (SSH) 服务器。仅当启用 ssh 调试时才会公开此信息。
CVSS Information
N/A
Vulnerability Type
N/A