CVE-2018-5543
published 2018-07-31CVE-2018-5543: The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to…
PriorityP342high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EPSS
1.24%
65.6th percentile
The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_controller | — | — |
| f5 | big-ip_controller | 1.0.0 – 1.5.0 | — |
| f5_networks_inc | f5_container_connector | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
F5
CVE-2018-5543: The F5 BIG-IP Controller for Kubernetes 1
vendor_f5·2018-07-31·CVSS 8.8
CVE-2018-5543 [HIGH] CWE-522 CVE-2018-5543: The F5 BIG-IP Controller for Kubernetes 1
CVE-2018-5543: The F5 BIG-IP Controller for Kubernetes 1
The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container.
Affected Products: Big-Ip Controller
Affected Versions: 1.0.0 - 1.5.0
F5 Advisory Articles: K58935003
F5 References: https://support.f5.com/csp/article/K58935003
GHSA
GHSA-85mh-wphv-chhh: The F5 BIG-IP Controller for Kubernetes 1
ghsa_unreviewed·2022-05-13
CVE-2018-5543 [HIGH] CWE-522 GHSA-85mh-wphv-chhh: The F5 BIG-IP Controller for Kubernetes 1
The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-07-31
Published