Lucene search
F5F5:K98334513HistoryOct 10, 2023 - 12:00 a.m.
K98334513 : BIG-IP DNS TSIG key vulnerability CVE-2023-41253
2023-10-1000:00:00
my.f5.com
5
big-ip
dns
tsig
vulnerability
plaintext logging
cve-2023-41253
security
advisory
audit log
authenticated
attacker
control plane
issue
software
Security Advisory Description
When a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license, and a TSIG key is created, the key is logged in plaintext in the audit log. (CVE-2023-41253)
Impact
An authenticated attacker with at least auditor role privileges can view the TSIG key in plaintext. There is no data plane exposure; this is a control plane issue only.
Related
cve
cve
CVE-2023-41253
2023-10-10 13:15:21
prion
prion
Code injection
2023-10-10 13:15:00
cvelist
cvelist
CVE-2023-41253 BIG-IP DNS TSIG Key vulnerability
2023-10-10 12:33:22
nvd
nvd
CVE-2023-41253
2023-10-10 13:15:21
nessus
nessus
F5 Networks BIG-IP : BIG-IP DNS TSIG Key Leakage (K98334513)
2023-10-13 00:00:00
cnvd
cnvd
F5 BIG-IP Information Disclosure Vulnerability (CNVD-2023-75596)
2023-10-11 00:00:00
f5
f5
K000137053 : Overview of F5 vulnerabilities (October 2023)
2023-10-10 00:00:00