CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score
Confidence: High

EPSS
Percentile: 97.0%

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers’ installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_application_security_manager | 9.2.0 | cpe:2.3:a:f5:big-ip_application_security_manager:9.2.0:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 9.2.0 | cpe:2.3:a:f5:big-ip_application_security_manager:9.2.0:hf4:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 9.4.4 | cpe:2.3:a:f5:big-ip_application_security_manager:9.4.4:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 9.4.5 | cpe:2.3:a:f5:big-ip_application_security_manager:9.4.5:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 9.4.6 | cpe:2.3:a:f5:big-ip_application_security_manager:9.4.6:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 9.4.7 | cpe:2.3:a:f5:big-ip_application_security_manager:9.4.7:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 9.4.8 | cpe:2.3:a:f5:big-ip_application_security_manager:9.4.8:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 10.0.0 | cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 10.0.1 | cpe:2.3:a:f5:big-ip_application_security_manager:10.0.1:*:*:*:*:*:*:* |
f5 | big-ip_application_security_manager | 10.2.3 | cpe:2.3:a:f5:big-ip_application_security_manager:10.2.3:hf1:*:*:*:*:*:* |