CVSS Score of 10 (low)


Published Aug 2, 2023
Updated: Oct 13, 2023
CWE ID 287
CWE ID 1391


CVE-2023-3470 is a vulnerability that affects specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards. The vulnerability allows an authenticated user with TMSH access to the BIG-IP system or anyone with physical access to the FIPS HSM to generate the correct password for the Crypto User account. This predictable password can also be used by users on one Guest to access keys of a different Guest on vCMP systems. The affected hardware platforms include 10350v-F, i5820-DF, i7820-DF, and more. To remediate this vulnerability, users should update their firmware to a non-vulnerable version. This vulnerability poses a medium level of danger as it could allow unauthorized access to sensitive information and compromise the security of the organization's systems.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-3470 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options