CVE-2023-43485

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Oct 10, 2023

Updated: Oct 17, 2023

CWE ID 532

Summary

CVE-2023-43485 is a vulnerability affecting BIG-IP and BIG-IQ systems. When TACACS+ audit forwarding is enabled, the shared secret is logged in plaintext in the audit log, posing a security risk. This issue does not affect software versions that have reached End of Technical Support. This vulnerability may allow unauthorized users to gain sensitive information, potentially leading to unauthorized access or other malicious activities. System administrators are advised to disable audit forwarding or implement secure methods to protect the shared secret.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s5tOxV
https://www.cve.org/CVERecord?id=CVE-2023-43485
https://nvd.nist.gov/vuln/detail/CVE-2023-43485

Back to Vulnerability Database

CVE-2023-43485

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations