F5 BIG-IP DNS iControl REST Cleartext Password Exposure Vulnerability

Vulnerability

A vulnerability exists in the BIG-IP DNS iControl REST commands 'gtm_add' and 'bigip_add', which return the 'ssh-password' parameter in cleartext. This information is also logged in the audit log. As a result, a highly privileged, authenticated attacker with access to the audit log could view sensitive information. This issue affects BIG-IP DNS versions 17.5.0 to 17.5.1 and 17.1.0 to 17.1.3, as well as all 16.x versions. Note that versions that have reached End of Technical Support are not evaluated.

Impact

Exploitation of this vulnerability could lead to unauthorized access to cleartext SSH passwords, which could be used to gain further access or privileges on the affected system.

Remediation

Users can upgrade to BIG-IP DNS versions 17.5.1.4 or 17.1.3.1 to address this vulnerability. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.
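To locate entries of this kind already written to an audit log, the following added example (not F5 code and not part of the original advisory) flags lines where 'gtm_add' or 'bigip_add' appears with an 'ssh-password' value and produces a redacted copy. The log layout, the `scan` function and the sample lines are assumptions constructed for illustration; only the command and parameter names come from the advisory.

```python
import re
import sys

# Command and parameter names are from the advisory; the log layout is assumed.
COMMANDS = ("gtm_add", "bigip_add")
# Group 1: parameter name plus separator. Group 2: quoted or bare value.
SECRET_RE = re.compile(
    r"""(ssh-password["']?\s*[:=\s]\s*)("[^"]*"|'[^']*'|[^\s,;}]+)"""
)
MARK = "<redacted>"


def scan(lines):
    """Return (findings, redacted_lines).

    findings is a list of (line_number, command) for every line where one of
    the affected commands appears together with an ssh-password value.
    """
    findings, redacted = [], []
    for number, line in enumerate(lines, 1):
        command = next((c for c in COMMANDS if c in line), None)
        match = SECRET_RE.search(line) if command else None
        # Skip values that are already redacted so the scan is idempotent.
        if match and match.group(2) != MARK:
            findings.append((number, command))
            line = SECRET_RE.sub(lambda m: m.group(1) + MARK, line)
        redacted.append(line)
    return findings, redacted


# Constructed sample lines in a simplified, hypothetical layout.
SAMPLE = [
    "2026-05-13T10:02:11Z audit user=admin cmd=gtm_add peer=192.0.2.10 "
    "ssh-password=ExamplePass1",
    '2026-05-13T10:05:40Z audit user=admin cmd=bigip_add '
    '{"ssh-password": "Example Pass 2"}',
    "2026-05-13T10:07:02Z audit user=admin cmd=gtm_add peer=192.0.2.11",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read().splitlines()
    else:
        source = SAMPLE
    hits, _ = scan(source)
    for number, command in hits:
        print(f"line {number}: {command} logged an ssh-password value")
```

Pass the path of an exported audit log as the first argument; the report prints line numbers and command names only, never the matched value.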

Added: May 13, 2026, 6:47 PM
Updated: May 13, 2026, 6:47 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 5.0
remediation: 8.3
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.