CVE-2012-1493
Severity: high
CVSS v3 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
EPSS Score: 84.4% (exploitation probability in 30 days; top 1% most likely to be exploited)
Attack Characteristics
Attack Vector: Network
Attack Complexity: Low
Confidentiality: C
Integrity: None
Availability: None
Vulnerability Report
Generated by CyberWatcher
Description
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
CWE
CWE-255
Affected Products
f5 big-ip application security manager
f5 big-ip global traffic manager
f5 big-ip local traffic manager
f5 tmos
f5 big-ip 1000
f5 big-ip 11000
f5 big-ip 11050
f5 big-ip 1500
f5 big-ip 1600
f5 big-ip 2400