Lucene search
HistoryOct 10, 2023 - 1:15 p.m.
CVE-2023-43485
tacacs+ big-ip big-iq audit log
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-iq_centralized_managementRange8.0.0–8.2.0.1.0.13.97-eng
ORf5big-iq_centralized_managementRange8.3.0–8.3.0.0.12.118-eng
Node
f5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5
ORf5big-ip_access_policy_managerRange15.1.0–15.1.9
ORf5big-ip_access_policy_managerRange16.1.0–16.1.4
Node
f5big-ip_advanced_firewall_managerRange13.1.0–13.1.5
ORf5big-ip_advanced_firewall_managerRange14.1.0–14.1.5
ORf5big-ip_advanced_firewall_managerRange15.1.0–15.1.9
ORf5big-ip_advanced_firewall_managerRange16.1.0–16.1.4
Node
f5big-ip_application_security_managerRange13.1.0–13.1.5
ORf5big-ip_application_security_managerRange14.1.0–14.1.5
ORf5big-ip_application_security_managerRange15.1.0–15.1.9
ORf5big-ip_application_security_managerRange16.1.0–16.1.4
Node
f5big-ip_domain_name_systemRange13.1.0–13.1.5
ORf5big-ip_domain_name_systemRange14.1.0–14.1.5
ORf5big-ip_domain_name_systemRange15.1.0–15.1.9
ORf5big-ip_domain_name_systemRange16.1.0–16.1.4
Node
f5big-ip_local_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_local_traffic_managerRange14.1.0–14.1.5
ORf5big-ip_local_traffic_managerRange15.1.0–15.1.9
ORf5big-ip_local_traffic_managerRange16.1.0–16.1.4
Node
f5big-ip_advanced_web_application_firewallRange13.1.0–13.1.5
ORf5big-ip_advanced_web_application_firewallRange14.1.0–14.1.5
ORf5big-ip_advanced_web_application_firewallRange15.1.0–15.1.9
ORf5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4
Node
f5big-ip_analyticsRange13.1.0–13.1.5
ORf5big-ip_analyticsRange14.1.0–14.1.5
ORf5big-ip_analyticsRange15.1.0–15.1.9
ORf5big-ip_analyticsRange16.1.0–16.1.4
Node
f5big-ip_application_acceleration_managerRange13.1.0–13.1.5
ORf5big-ip_application_acceleration_managerRange14.1.0–14.1.5
ORf5big-ip_application_acceleration_managerRange15.1.0–15.1.9
ORf5big-ip_application_acceleration_managerRange16.1.0–16.1.4
Node
f5big-ip_application_visibility_and_reportingRange13.1.0–13.1.5
ORf5big-ip_application_visibility_and_reportingRange14.1.0–14.1.5
ORf5big-ip_application_visibility_and_reportingRange15.1.0–15.1.9
ORf5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4
Node
f5big-ip_carrier-grade_natRange13.1.0–13.1.5
ORf5big-ip_carrier-grade_natRange14.1.0–14.1.5
ORf5big-ip_carrier-grade_natRange15.1.0–15.1.9
ORf5big-ip_carrier-grade_natRange16.1.0–16.1.4
Node
f5big-ip_ddos_hybrid_defenderRange13.1.0–13.1.5
ORf5big-ip_ddos_hybrid_defenderRange14.1.0–14.1.5
ORf5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9
ORf5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4
Node
f5big-ip_fraud_protection_serviceRange13.1.0–13.1.5
ORf5big-ip_fraud_protection_serviceRange14.1.0–14.1.5
ORf5big-ip_fraud_protection_serviceRange15.1.0–15.1.9
ORf5big-ip_fraud_protection_serviceRange16.1.0–16.1.4
Node
f5big-ip_global_traffic_managerRange13.1.0–13.1.5
ORf5big-ip_global_traffic_managerRange14.1.0–14.1.5
ORf5big-ip_global_traffic_managerRange15.1.0–15.1.9
ORf5big-ip_global_traffic_managerRange16.1.0–16.1.4
Node
f5big-ip_link_controllerRange13.1.0–13.1.5
ORf5big-ip_link_controllerRange14.1.0–14.1.5
ORf5big-ip_link_controllerRange15.1.0–15.1.9
ORf5big-ip_link_controllerRange16.1.0–16.1.4
Node
f5big-ip_policy_enforcement_managerRange13.1.0–13.1.5
ORf5big-ip_policy_enforcement_managerRange14.1.0–14.1.5
ORf5big-ip_policy_enforcement_managerRange15.1.0–15.1.9
ORf5big-ip_policy_enforcement_managerRange16.1.0–16.1.4
Node
f5big-ip_ssl_orchestratorRange13.1.0–13.1.5
ORf5big-ip_ssl_orchestratorRange14.1.0–14.1.5
ORf5big-ip_ssl_orchestratorRange15.1.0–15.1.9
ORf5big-ip_ssl_orchestratorRange16.1.0–16.1.4
Node
f5big-ip_webacceleratorRange13.1.0–13.1.5
ORf5big-ip_webacceleratorRange14.1.0–14.1.5
ORf5big-ip_webacceleratorRange15.1.0–15.1.9
ORf5big-ip_webacceleratorRange16.1.0–16.1.4
Node
f5big-ip_websafeRange13.1.0–13.1.5
ORf5big-ip_websafeRange14.1.0–14.1.5
ORf5big-ip_websafeRange15.1.0–15.1.9
ORf5big-ip_websafeRange16.1.0–16.1.4
References
Related
cvelist
cvelist
CVE-2023-43485 BIGIP and BIG-IQ TACACS+ audit log Vulnerability
2023-10-10 12:34:15
nessus
nessus
cve
cve
CVE-2023-43485
2023-10-10 13:15:21
prion
prion
Code injection
2023-10-10 13:15:00
cnvd
cnvd
F5 BIG-IP Information Disclosure Vulnerability (CNVD-2023-75595)
2023-10-11 00:00:00
f5
f5
K06110200 : BIG-IP and BIG-IQ TACACS+ audit log vulnerability CVE-2023-43485
2023-10-10 00:00:00
K000137053 : Overview of F5 vulnerabilities (October 2023)
2023-10-10 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%
Related for NVD:CVE-2023-43485