CVE-2012-1493

Name of the Vulnerable Software and Affected Versions F5 BIG-IP appliances versions 9.x through 9.4.8-HF4, versions 10.x through 10.2.4, versions 11.0.x through 11.0.0-HF1, and versions 11.1.x through 11.1.0-HF2 F5 Enterprise Manager versions 2.1.x through 2.1.0-HF1, versions 2.2.x through 2.2.0-HF0, and versions 2.3.x through 2.3.0-HF2

Description The issue arises from the use of a single SSH private key across different customers' installations, combined with a lack of proper access restrictions to this key. This makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.

Recommendations For F5 BIG-IP appliances versions 9.x through 9.4.8-HF4, update to version 9.4.8-HF5 or later. For F5 BIG-IP appliances versions 10.x through 10.2.4, update to version 10.2.4 or later. For F5 BIG-IP appliances versions 11.0.x through 11.0.0-HF1, update to version 11.0.0-HF2 or later. For F5 BIG-IP appliances versions 11.1.x through 11.1.0-HF2, update to version 11.1.0-HF3 or later. For F5 Enterprise Manager versions 2.1.x through 2.1.0-HF1, update to version 2.1.0-HF2 or later. For F5 Enterprise Manager versions 2.2.x through 2.2.0-HF0, update to version 2.2.0-HF1 or later. For F5 Enterprise Manager versions 2.3.x through 2.3.0-HF2, update to version 2.3.0-HF3 or later.