#VU53575 Cleartext storage of sensitive information in NGINX Controller - CVE-2021-23019

 


Published: May 25, 2021


Vulnerability identifier: #VU53575
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2021-23019
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
NGINX Controller
Software vendor:
F5 Networks

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the NGINX Controller Administrator password is exposed via the systemd.txt file that is included in the NGINX support package. An attacker who can obtain the support package can retrieve the administrator's password and gain unauthorized access to the system.


Remediation

Install updates from the vendor's website.
