F5 Networks F5OS-A FIPS HSM Password Initialization (K000154661)

The version of F5 Networks F5OS-A installed on the remote host is affected by a vulnerability as referenced in the K000154661 advisory. - When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module HSM may fail t...

CVE-2025-53860

A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module HSM information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-60013

CVE-2025-60013 affects F5OS-A FIPS HSM password initialization. A highly privileged, authenticated attacker could use a password with special shell metacharacters to initialise the rSeries FIPS module, potentially executing arbitrary system commands and crossing a security boundary. Affected hard...

K000148625: F5OS-A FIPS HSM vulnerability CVE-2025-53860

Security Advisory Description A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module HSM information on F5 rSeries systems. CVE-2025-53860 Impact A highly privileged authenticated attacker with access to t...

Default credentials

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information...

CVE-2023-3470 BIG-IP FIPS HSM password vulnerability CVE-2023-3470

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information...

K000135449: BIG-IP FIPS HSM password vulnerability CVE-2023-3470

Security Advisory Description Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated attacker with TMOS Shell tmsh access to the BIG-IP system, or anyone with...

F5 Networks BIG-IP : BIG-IP FIPS HSM password vulnerability (K000135449)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4 / 14.1.4 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K000135449 advisory. - Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password...