SB2021052545 - Administrator's password disclosure in NGINX Controller




Published: May 25, 2021

Security Bulletin ID: SB2021052545
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Cleartext storage of sensitive information (CVE-ID: CVE-2021-23019)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the NGINX Controller Administrator password is exposed via the systemd.txt file that is included in the NGINX support package. An attacker who can obtain the support package can retrieve the administrator's password and gain unauthorized access to the system.
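
As an added example (not part of the bulletin and not vendor code), the following Python code checks a support package archive for credential-like lines in systemd.txt and redacts them before the package is shared. The archive layout, the key-name pattern and the sample contents are assumptions, since the bulletin does not describe the file's format.

```python
import io
import re
import tarfile

# Assumption: credentials appear as key=value or key: value pairs whose key
# contains one of these words; the bulletin does not give the real layout.
SECRET_RE = re.compile(
    r"(?i)\b([\w.-]*(?:password|passwd|secret|token)[\w.-]*)(\s*[=:]\s*)(\S+)")
TARGET_NAME = "systemd.txt"  # file named in the bulletin

def scan_support_package(fileobj):
    """Return (member, line_no, key) for each credential-like hit in systemd.txt."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or member.name.rsplit("/", 1)[-1] != TARGET_NAME:
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for no, line in enumerate(text.splitlines(), 1):
                for m in SECRET_RE.finditer(line):
                    # Report the key only, never the value itself.
                    findings.append((member.name, no, m.group(1)))
    return findings

def redact(text):
    """Replace credential values with a fixed marker, keeping keys for triage."""
    return SECRET_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)

def build_sample_package():
    """Constructed sample archive; member name and contents are invented."""
    sample = (
        "Unit: example.service\n"
        "Environment=ADMIN_PASSWORD=Constructed-Example-1\n"
        "ExecStart=/usr/bin/example --listen 8443\n"
    ).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("support-pkg/systemd.txt")
        info.size = len(sample)
        tar.addfile(info, io.BytesIO(sample))
    buf.seek(0)
    return buf, sample.decode()

if __name__ == "__main__":
    pkg, raw = build_sample_package()
    for name, no, key in scan_support_package(pkg):
        print(f"{name}:{no}: credential-like key {key!r}")
    print(redact(raw))
```

Any hit in a package that has already left the organisation means the administrator password should be treated as exposed and rotated.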


Remediation

Install the update from the vendor's website.