Main Vulnerability Database Exploits ID:4463 - Exploit for Credentials management in Enterprise Manager - CVE-2012-1493

ID:4463 - Exploit for Credentials management in Enterprise Manager - CVE-2012-1493

Published: August 11, 2020

Vulnerability identifier: #VU43907

Vulnerability risk: Medium

CVE-ID: CVE-2012-1493

CWE-ID: CWE-255

Exploitation vector: Remote access

Vulnerable software:
Enterprise Manager

Link to public exploit:

https://www.exploit-db.com/exploits/19064/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.

Remediation

Install update from vendor's website.

ID:4463 - Exploit for Credentials management in Enterprise Manager - CVE-2012-1493

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human