When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Metrics
No CVSS v4.0
Attack Vector Local
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
The EPSS score is 0.00226.
Exploitation none
Automatable no
Technical Impact partial
Affected Vendors & Products
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
Configuration 16 [-]
|
Configuration 17 [-]
|
Configuration 18 [-]
|
Configuration 19 [-]
|
No data.
No data.
Link | Providers |
---|---|
https://my.f5.com/manage/s/article/K06110200 |
![]() ![]() |
Wed, 18 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: f5
Published:
Updated: 2024-09-18T20:34:33.426Z
Reserved: 2023-10-05T19:17:34.501Z
Link: CVE-2023-43485

Updated: 2024-08-02T19:44:42.276Z

Status : Modified
Published: 2023-10-10T13:15:21.590
Modified: 2024-11-21T08:24:08.163
Link: CVE-2023-43485

No data.

No data.