7.8

CVE-2012-1493

Exploit

EPSS 84.38%
Published 09.07.2012 22:55:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Application Security Manager Version9.2.0

F5 ≫ Big-ip Application Security Manager Version9.2.0 Updatehf4

F5 ≫ Big-ip Application Security Manager Version9.4.4

F5 ≫ Big-ip Application Security Manager Version9.4.5

F5 ≫ Big-ip Application Security Manager Version9.4.6

F5 ≫ Big-ip Application Security Manager Version9.4.7

F5 ≫ Big-ip Application Security Manager Version9.4.8

F5 ≫ Big-ip Application Security Manager Version10.0.0

F5 ≫ Big-ip Application Security Manager Version10.0.1

F5 ≫ Big-ip Application Security Manager Version10.2.3 Updatehf1

F5 ≫ Big-ip Application Security Manager Version11.0.0

F5 ≫ Big-ip Application Security Manager Version11.0.0 Updatehf1

F5 ≫ Big-ip Application Security Manager Version11.1.0

F5 ≫ Big-ip Application Security Manager Version11.1.0 Updatehf2

F5 ≫ Big-ip Global Traffic Manager

F5 ≫ Big-ip Global Traffic Manager Version9.2.2

F5 ≫ Big-ip Global Traffic Manager Version9.4.8 Updatehf4

F5 ≫ Big-ip Global Traffic Manager Version10.0.0

F5 ≫ Big-ip Global Traffic Manager Version10.2.3 Updatehf1

F5 ≫ Big-ip Global Traffic Manager Version11.0.0

F5 ≫ Big-ip Global Traffic Manager Version11.0.0 Updatehf1

F5 ≫ Big-ip Global Traffic Manager Version11.1.0

F5 ≫ Big-ip Global Traffic Manager Version11.1.0 Updatehf2

F5 ≫ Big-ip Local Traffic Manager

F5 ≫ Big-ip Local Traffic Manager Version9.0.0

F5 ≫ Big-ip Local Traffic Manager Version9.4.8 Updatehf4

F5 ≫ Big-ip Local Traffic Manager Version10.0.0

F5 ≫ Big-ip Local Traffic Manager Version10.2.3 Updatehf1

F5 ≫ Big-ip Local Traffic Manager Version11.0.0

F5 ≫ Big-ip Local Traffic Manager Version11.0.0 Updatehf1

F5 ≫ Big-ip Local Traffic Manager Version11.1.0

F5 ≫ Big-ip Local Traffic Manager Version11.1.0 Updatehf2

F5 ≫ Tmos

F5 ≫ Tmos Version2.0

F5 ≫ Tmos Version4.0

F5 ≫ Tmos Version4.2

F5 ≫ Tmos Version4.3

F5 ≫ Tmos Version4.4

F5 ≫ Tmos Version4.5

F5 ≫ Tmos Version4.5.6

F5 ≫ Tmos Version4.5.9

F5 ≫ Tmos Version4.5.10

F5 ≫ Tmos Version4.5.11

F5 ≫ Tmos Version4.5.12

F5 ≫ Tmos Version4.6

F5 ≫ Tmos Version4.6.2

F5 ≫ Tmos Version9.0

F5 ≫ Tmos Version9.0.1

F5 ≫ Tmos Version9.0.2

F5 ≫ Tmos Version9.0.3

F5 ≫ Tmos Version9.0.4

F5 ≫ Tmos Version9.0.5

F5 ≫ Tmos Version9.1

F5 ≫ Tmos Version9.1.1

F5 ≫ Tmos Version9.1.2

F5 ≫ Tmos Version9.1.3

F5 ≫ Tmos Version9.2

F5 ≫ Tmos Version9.2.2

F5 ≫ Tmos Version9.2.3

F5 ≫ Tmos Version9.2.4

F5 ≫ Tmos Version9.2.5

F5 ≫ Tmos Version9.3

F5 ≫ Tmos Version9.3.1

F5 ≫ Tmos Version9.4

F5 ≫ Tmos Version9.4.1

F5 ≫ Tmos Version9.4.2

F5 ≫ Tmos Version9.4.3

F5 ≫ Tmos Version9.4.4

F5 ≫ Tmos Version9.4.5

F5 ≫ Tmos Version9.4.6

F5 ≫ Tmos Version9.4.7

F5 ≫ Tmos Version9.4.8

F5 ≫ Tmos Version9.6.0

F5 ≫ Tmos Version9.6.1

F5 ≫ Tmos Version10.0.0

F5 ≫ Tmos Version10.0.1

F5 ≫ Tmos Version10.1.0

F5 ≫ Tmos Version10.2.0

F5 ≫ Big-ip 1000

F5 ≫ Big-ip 11000

F5 ≫ Big-ip 11050

F5 ≫ Big-ip 1500

F5 ≫ Big-ip 1600

F5 ≫ Big-ip 2400

F5 ≫ Big-ip 3400

F5 ≫ Big-ip 3410

F5 ≫ Big-ip 3600

F5 ≫ Big-ip 3900

F5 ≫ Big-ip 4100

F5 ≫ Big-ip 5100

F5 ≫ Big-ip 5110

F5 ≫ Big-ip 6400

F5 ≫ Big-ip 6800

F5 ≫ Big-ip 6900

F5 ≫ Big-ip 8400

F5 ≫ Big-ip 8800

F5 ≫ Big-ip 8900

F5 ≫ Big-ip 8950

F5 ≫ Enterprise Manager Editionvirtual

F5 ≫ Enterprise Manager Version1.0 Editionvirtual

F5 ≫ Enterprise Manager Version2.0 Editionvirtual

F5 ≫ Enterprise Manager Version2.1.0 Editionvirtual

F5 ≫ Enterprise Manager Version2.1.0 Updatehf1 Editionvirtual

F5 ≫ Enterprise Manager Version2.2.0 Editionvirtual

F5 ≫ Enterprise Manager Version2.3.0 Editionvirtual

F5 ≫ Enterprise Manager Version2.3.0 Updatehf2 Editionvirtual

F5 ≫ Enterprise Manager

F5 ≫ Enterprise Manager Version1.0

F5 ≫ Enterprise Manager Version2.0

F5 ≫ Enterprise Manager Version2.1.0

F5 ≫ Enterprise Manager Version2.1.0 Updatehf1

F5 ≫ Enterprise Manager Version2.2.0

F5 ≫ Enterprise Manager Version2.3.0

F5 ≫ Enterprise Manager Version2.3.0 Updatehf2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	84.38%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N

http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html

Vendor Advisory

http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb

Patch

Exploit

https://www.trustmatta.com/advisories/MATTA-2012-002.txt

https://nvd.nist.gov/vuln/detail/CVE-2012-1493

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1493

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1493

EUVD