Lucene search

K
f5F5F5:K98334513
HistoryOct 10, 2023 - 12:00 a.m.

K98334513 : BIG-IP DNS TSIG key vulnerability CVE-2023-41253

2023-10-1000:00:00
my.f5.com
7
big-ip
dns
tsig
vulnerability
plaintext logging
cve-2023-41253
security
advisory
audit log
authenticated
attacker
control plane
issue
software

AI Score

6.6

Confidence

High

EPSS

0

Percentile

9.0%

Security Advisory Description

When a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license, and a TSIG key is created, the key is logged in plaintext in the audit log. (CVE-2023-41253)

Impact

An authenticated attacker with at least auditor role privileges can view the TSIG key in plaintext. There is no data plane exposure; this is a control plane issue only.

AI Score

6.6

Confidence

High

EPSS

0

Percentile

9.0%