CVE-2023-43485: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

CVE-2023-43485 is a security vulnerability affecting F5's BIG-IP and BIG-IQ systems. The vulnerability was discovered and disclosed on October 10, 2023, where TACACS+ audit forwarding configuration exposes sensitive information by logging the sharedsecret in plaintext in the audit log. This affects multiple versions of BIG-IP products including versions 13.1.0-13.1.5, 14.1.0-14.1.5, 15.1.0-15.1.9, and 16.1.0-16.1.4, as well as BIG-IQ Centralized Management versions up to 8.2.0 and 8.3.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The impact is primarily on confidentiality, with no impact on integrity or availability. The vulnerability is classified under CWE-532 (Insertion of Sensitive Information into Log File) (NVD).

The primary impact of this vulnerability is the exposure of sensitive information. When TACACS+ audit forwarding is configured, the sharedsecret is logged in plaintext in the audit log, potentially exposing critical authentication credentials to unauthorized viewers. This could lead to compromise of TACACS+ authentication mechanisms (NVD).

F5 has provided information about this vulnerability in their security advisory. Users should refer to F5's official advisory for specific mitigation steps and patches (F5 Advisory).