CVE-2020-5855

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 64.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Access Policy Manager Client F5 Edge Client FOR Windows

Timeline

PublishedFeb 6

Latest updateMay 24

Description

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 0.9 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5f5/edge_client_for_windowsAll

▶NVDf5/big-ip_access_policy_manager_client7.1.5 — 7.1.8

▶NVDf5/big-ip_access_policy_manager11.5.2 — 11.6.5+4

🔴Vulnerability Details

GHSA

GHSA-pr8j-wgf3-mgrx: When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical acce↗2022-05-24

▶

CVEList

CVE-2020-5855: When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical acce↗2020-02-06

▶

📋Vendor Advisories

CVE-2020-5855: When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthor...↗2020-02-06

▶