CVE-2023-41253

2023-10-1013:15:21

CWE-532

[email protected]

web.nvd.nist.gov

cve-2023-41253

plaintext logging

tsig key

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.0%

JSON

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

Nvd

Node

f5big-ip_domain_name_systemRange13.1.0–14.1.5

f5big-ip_domain_name_systemRange15.1.0–15.1.9

f5big-ip_domain_name_systemRange16.1.0–16.1.4

f5big-ip_local_traffic_managerRange13.1.0–14.1.5

f5big-ip_local_traffic_managerRange15.1.0–15.1.9

f5big-ip_local_traffic_managerRange16.1.0–16.1.4

VendorProductVersionCPE
f5big-ip_domain_name_system*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
f5big-ip_local_traffic_manager*cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_domain_name_system	*	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
f5	big-ip_local_traffic_manager	*	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::