PT-2018-17037 · F5 · F5 Big-Ip Controller For Kubernetes

Published 2018-07-31 · Updated 2019-10-03 · CVE-2018-5543

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Controller for Kubernetes versions 1.0.0 through 1.5.0

Description: The issue concerns the disclosure of the BIG-IP username and password. The F5 BIG-IP Controller for Kubernetes passes these credentials as command line parameters, which may lead to their disclosure.

Recommendations: For versions 1.0.0 through 1.5.0, consider modifying the container to avoid passing the BIG-IP username and password as command line parameters to prevent credential disclosure. As a temporary workaround, restrict access to the container's command line parameters to minimize the risk of exploitation.
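
An added example (not F5's code and not part of the original entry): a Python check that takes a Pod or workload manifest as parsed JSON and reports credential-like flags that receive a value on the container command line, without echoing the value. The flag names, the name-matching heuristic and the sample manifest are constructed assumptions.

```python
import re

# Heuristic (an assumption): flag names that suggest a secret or login identity.
CRED_FLAG = re.compile(
    r"^--?[\w-]*(pass(word|wd)?|user(name)?|token|secret)[\w-]*$", re.I)
ENV_REF = re.compile(r"^\$\(\w+\)$")

# Constructed sample manifest; names and values are illustrative only.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [{
        "name": "k8s-bigip-ctlr",
        "args": [
            "--bigip-username=$(BIGIP_USERNAME)",
            "--bigip-password", "EXAMPLE-ONLY",
            "--bigip-url=192.0.2.10",
            "--bigip-partition=kubernetes",
        ],
    }]}}},
}


def _pod_spec(obj):
    """Return the pod spec of a Pod or of a workload with a pod template."""
    spec = obj.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def find_cli_credentials(obj):
    """List (container, flag, kind) for credential-like flags that are given
    a value on the command line. Values are never returned."""
    findings = []
    pod = _pod_spec(obj)
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        argv = list(c.get("command") or []) + list(c.get("args") or [])
        for i, arg in enumerate(argv):
            flag, sep, value = arg.partition("=")
            if not CRED_FLAG.match(flag):
                continue
            if not sep:  # "--flag value" form: the value is the next item
                nxt = argv[i + 1] if i + 1 < len(argv) else ""
                value = "" if nxt.startswith("-") else nxt
            if not value:
                continue
            # Kubernetes expands $(VAR) before exec, so the secret still
            # ends up in the process command line.
            kind = "env-expanded" if ENV_REF.match(value) else "literal"
            findings.append((c.get("name", "?"), flag, kind))
    return findings
```

Feed it the parsed output of a manifest export; an "env-expanded" finding means the value is hidden from the manifest but still visible in the running process arguments.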

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2018-5543

Affected Products

F5 Big-Ip Controller For Kubernetes