CVE-2018-5547: Missing Authorization in F5 Networks Inc BIG-IP APM Client for Windows

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 86.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 17 | Latest update May 13

Description

The Windows Logon Integration feature of the F5 BIG-IP APM client for Windows prior to version 7.1.7.1 uses Legacy logon mode by default, which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box that contains a link to the certificate policy. By clicking the link, unprivileged users can open additional dialog boxes and reach Windows Explorer on the local machine, which can be used to get administrator privilege. Windows Logon Integra

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | f5_networks_inc/big-ip_apm_client_for_windows | Prior to version 7.1.7.1
NVD | f5/big-ip_access_policy_manager_client | 7.1.6, 7.1.6.1, 7.1.7 (+2)

🔴 Vulnerability Details (2)

GHSA | GHSA-m3rp-fqh4-whc7: Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7 | 2022-05-13
CVEList | CVE-2018-5547: Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7 | 2018-08-17

📋 Vendor Advisories (1)

F5 | CVE-2018-5547: Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7 | 2018-08-17
CVE-2018-5547 — Missing Authorization | cvebase