7.8

CVE-2018-5547

EPSS 0.13%
Veröffentlicht 17.08.2018 12:29:00
Zuletzt bearbeitet 21.11.2024 04:09:02
Quelle f5sirt@f5.com
Teams Watchlist Login
Unerledigt Login

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F5 ≫ Big-ip Access Policy Manager Client Version7.1.6

F5 ≫ Big-ip Access Policy Manager Client Version7.1.6.1

F5 ≫ Big-ip Access Policy Manager Client Version7.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.335

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://www.securitytracker.com/id/1041511

Third Party Advisory

VDB Entry

https://support.f5.com/csp/article/K10015187

Vendor Advisory

https://support.f5.com/csp/article/K10015187?utm_source=f5support&amp%3Butm_medium=RSS

https://nvd.nist.gov/vuln/detail/CVE-2018-5547

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5547

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5547

EUVD