CVE-2023-45226

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to the fixed version

Description The BIG-IP SPK TMM contains hardcoded credentials in the f5-debug-sidecar and f5-debug-sshd containers. This may allow an attacker to impersonate the SPK Secure Shell (SSH) server on those containers if they can intercept traffic. The issue is only exposed when SSH debug is enabled.

Recommendations For versions prior to the fixed version, consider disabling SSH debug to minimize the risk of exploitation until a patch is available. Restrict access to the f5-debug-sidecar and f5-debug-sshd containers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.