|
|
|
|
| |
Credit:
The information has been provided by Florent Daigniere.
|
| |
Vulnerable Systems:
* F5 BIG-IP Remote Root Authentication
Vulnerable BIG-IP installations allow unauthenticated users to bypass authentication and login as the 'root' user on the device.
The SSH private key corresponding to the following public key is public and present on all vulnerable appliances:
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAvIhC5skTzxyHif/7iy3yhxuK6/OB13hjPqrskogkYFrcW8OK4VJT+5+Fx7wd4sQCnVn8rNqahw/x6sfcOMDI/Xvn4yKU4t8TnYf2MpUVr4ndz39L5Ds1n7Si1m2suUNxWbKv58I8+NMhlt2ITraSuTU0NGymWOc8+LNi+MHXdLk=
SCCP Superuser
Its fingerprint is:
71:3a:b0:18:e2:6c:41:18:4e:56:1e:fd:d2:49:97:66
If successful, a malicious third party can get full control of the device with little to no effort. The Attacker might reposition and launch an attack against other parts of the target infrastructure from there.
CVE Information:
2012-1493
Disclosure Timeline:
16-02-12 initial discovery
22-02-12 initial attempt to contact the vendor
24-02-12 reply from David Wang, case C1062228 is open
24-02-12 draft of the advisory sent to the vendor
01-03-12 CVE-2012-1493 is assigned
06-04-12 James Affeld starts coordinating the notification effort
23-05-12 F5 notifies us that patches are ready
29-05-12 F5 sends advance notification to some customers
06-06-12 Public disclosure
|
|
|
|
|
