Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41253

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2023-10-10T13:15:21.150

Last Modified

2024-11-21T08:20:55.270

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	big-ip_domain_name_system	≤ 14.1.5	Yes
Application	f5	big-ip_domain_name_system	< 15.1.9	Yes
Application	f5	big-ip_domain_name_system	< 16.1.4	Yes
Application	f5	big-ip_local_traffic_manager	≤ 14.1.5	Yes
Application	f5	big-ip_local_traffic_manager	< 15.1.9	Yes
Application	f5	big-ip_local_traffic_manager	< 16.1.4	Yes

References

https://my.f5.com/manage/s/article/K98334513 Vendor Advisory ([email protected])
https://my.f5.com/manage/s/article/K98334513 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)