F5 BIG-IP SSH private key

Added: 07/03/2012
CVE: CVE-2012-1493
BID: 53897
OSVDB: 82780

Background

SSH private keys are used for authentication on many F5 BIG-IP devices. Devices shipped with a default, static key are vulnerable to compromise if the key becomes publicly known. An attacker can reuse the private key to gain remote, privileged access to the device.
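
A defender-side audit for the condition described above, added here as an example (it is not part of the original advisory or any vendor tooling): it fingerprints root authorized_keys entries gathered from several devices and reports any public key accepted on more than one of them, which is how a shipped static key shows up across a fleet. It assumes the trusted public half sits in root's authorized_keys and that the files have already been collected; host names and key material are constructed sample data.

```python
import base64, hashlib, re, struct
from collections import defaultdict

# Key type followed by its base64 blob; any options before it are skipped.
KEY_RE = re.compile(r"(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/]+=*)")

def fingerprints(authorized_keys_text):
    """Yield an OpenSSH-style SHA256 fingerprint for each valid key line."""
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for ktype, b64 in KEY_RE.findall(line):
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            if len(blob) < 4:
                continue
            # A real key blob starts with its own length-prefixed type name.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != ktype.encode():
                continue
            digest = hashlib.sha256(blob).digest()
            yield "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            break  # one key per line

def shared_keys(fleet):
    """Map fingerprint -> sorted hosts, for keys accepted on more than one host."""
    seen = defaultdict(set)
    for host, text in fleet.items():
        for fp in fingerprints(text):
            seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def _sample_key(ktype, body):
    """Build a syntactically valid key line from constructed bytes (not a real key)."""
    blob = struct.pack(">I", len(ktype)) + ktype.encode() + body
    return ktype + " " + base64.b64encode(blob).decode()

STATIC = _sample_key("ssh-rsa", b"\x01" * 32)  # stands in for a shipped default key
FLEET = {  # constructed root authorized_keys contents; host names are hypothetical
    "lb-01": STATIC + " vendor-default\n" + _sample_key("ssh-ed25519", b"\x02" * 32) + " admin\n",
    "lb-02": 'from="10.0.0.0/8" ' + STATIC + " vendor-default\n",
    "lb-03": "# rotated\n" + _sample_key("ssh-ed25519", b"\x03" * 32) + " admin\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(FLEET).items():
        print(fp, "accepted for root on", ", ".join(hosts))
```

A key reported on several devices is a candidate for removal or rotation; a key unique to one device is not flagged.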

Problem

Vulnerable BIG-IP installations allow unauthenticated users to bypass authentication and log in as the 'root' user on the following devices:

Resolution

The vendor has indicated these versions are patched:
Note: Systems that are licensed to run in Appliance mode on BIG-IP version 10.2.1-HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to SOL12815: Overview of Appliance mode.

References

http://support.f5.com/kb/en-us/solutions/public/12000/800/sol12815.html

Limitations

The target must be running the ssh service in order for the exploit to succeed.

The OpenSSH client must be installed on the SAINTexploit host.

Platforms

Linux
Unix
