F5 Device Default Support Password

Critical Nessus Plugin ID 10820


The remote service is protected with default administrative credentials.


The remote F5 Networks device has the default password set for the 'support' user account. This account normally provides read/write access to the web configuration utility. An attacker could take advantage of this to reconfigure your systems and possibly gain shell access to the system with super-user privileges.


Remove the 'support' account entirely or change the password of this account to something that is difficult to guess.

Plugin Details

Severity: Critical

ID: 10820

File Name: DDI_F5_Default_Support.nasl

Version: $Revision: 1.17 $

Type: remote

Family: Misc.

Published: 2001/12/06

Modified: 2014/01/14

Dependencies: 10107

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (SNMP Community Scanner)

Reference Information

CVE: CVE-1999-0508