Vulnerability Details : CVE-2012-1493
Public exploit exists!
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
Products affected by CVE-2012-1493
- cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:9.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:hf1:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:11.1.0:hf2:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:9.4.8:hf4:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.3:hf1:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:hf2:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.3:hf1:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:hf1:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_global_traffic_manager:9.4.8:hf4:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:9.2.0:hf4:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:9.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:9.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:9.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:9.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:11.1.0:hf2:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:9.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:10.2.3:hf1:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:hf1:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:*:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.5:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.5.10:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.5.6:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.5.9:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.6:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.5.11:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:4.5.12:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.3:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.8:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:9.4.7:*:*:*:*:*:*:*
- cpe:2.3:o:f5:tmos:10.2.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_11050:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_1600:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_1000:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_5110:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_6400:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_5100:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_3400:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_3410:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_1500:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_2400:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_3900:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_3600:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_8900:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_6900:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_8800:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_8950:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_6800:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_8400:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:big-ip_11000:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:*:*:virtual:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:2.0:*:virtual:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:2.1.0:hf1:virtual:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:2.3.0:*:virtual:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:2.3.0:hf2:virtual:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:1.0:*:virtual:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:2.1.0:*:virtual:*:*:*:*:*
- cpe:2.3:a:f5:enterprise_manager:2.2.0:*:virtual:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:*:*:*:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:1.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:2.3.0:hf2:*:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:2.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:2.1.0:hf1:*:*:*:*:*:*
- cpe:2.3:h:f5:enterprise_manager:2.3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1493
84.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-1493
-
F5 BIG-IP SSH Private Key Exposure
Disclosure Date: 2012-06-11First seen: 2020-04-26exploit/linux/ssh/f5_bigip_known_privkeyF5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Authors: - egypt <egypt
CVSS scores for CVE-2012-1493
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2012-1493
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1493
-
http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/
Exploit posted for vulnerable F5 kit • The Register
-
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb
metasploit-framework/f5_bigip_known_privkey.rb at master · rapid7/metasploit-framework · GitHubExploit;Patch
-
http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html
Vendor Advisory
-
https://www.trustmatta.com/advisories/MATTA-2012-002.txt
Jump to