Details of VAR-201808-1029

ID

VAR-201808-1029

CVE

CVE-2018-5547

TITLE

F5 BIG-IP APM client Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009341

DESCRIPTION

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges. F5 BIG-IP APM client Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP APM client is the client software in a set of access and security solutions of F5 Corporation of the United States. The software primarily provides unified access to business-critical applications and networks

Trust: 1.8

sources: NVD: CVE-2018-5547 // JVNDB: JVNDB-2018-009341 // VULHUB: VHN-135578 // VULMON: CVE-2018-5547

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip access policy manager client	scope:	eq	version:	7.1.7	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager client	scope:	eq	version:	7.1.6	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager client	scope:	eq	version:	7.1.6.1	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager client	scope:	lt	version:	7.1.7.1	Trust: 0.8

sources: JVNDB: JVNDB-2018-009341 // CNNVD: CNNVD-201808-559 // NVD: CVE-2018-5547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5547
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-5547
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201808-559
value:	HIGH
Trust: 0.6
VULHUB:	VHN-135578
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-5547
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-5547
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-135578
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5547
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-135578 // VULMON: CVE-2018-5547 // JVNDB: JVNDB-2018-009341 // CNNVD: CNNVD-201808-559 // NVD: CVE-2018-5547

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-135578 // JVNDB: JVNDB-2018-009341 // NVD: CVE-2018-5547

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-559

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-559

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009341

PATCH

title:	K10015187	url:	https://support.f5.com/csp/article/K10015187	Trust: 0.8
title:	F5 BIG-IP APM client Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84147	Trust: 0.6

sources: JVNDB: JVNDB-2018-009341 // CNNVD: CNNVD-201808-559

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5547	Trust: 2.6
db:	SECTRACK	id:	1041511	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-009341	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-559	Trust: 0.7
db:	VULHUB	id:	VHN-135578	Trust: 0.1
db:	VULMON	id:	CVE-2018-5547	Trust: 0.1

sources: VULHUB: VHN-135578 // VULMON: CVE-2018-5547 // JVNDB: JVNDB-2018-009341 // CNNVD: CNNVD-201808-559 // NVD: CVE-2018-5547

REFERENCES

url:	https://support.f5.com/csp/article/k10015187	Trust: 1.8
url:	http://www.securitytracker.com/id/1041511	Trust: 1.8
url:	https://support.f5.com/csp/article/k10015187?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5547	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5547	Trust: 0.8
url:	https://support.f5.com/csp/article/k10015187?utm_source=f5support&utm_medium=rss	Trust: 0.7
url:	https://support.f5.com/csp/article/k10015187?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/862.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-135578 // VULMON: CVE-2018-5547 // JVNDB: JVNDB-2018-009341 // CNNVD: CNNVD-201808-559 // NVD: CVE-2018-5547

SOURCES

db:	VULHUB	id:	VHN-135578
db:	VULMON	id:	CVE-2018-5547
db:	JVNDB	id:	JVNDB-2018-009341
db:	CNNVD	id:	CNNVD-201808-559
db:	NVD	id:	CVE-2018-5547

LAST UPDATE DATE

2024-11-23T23:08:35.746000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-135578	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-5547	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-009341	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201808-559	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-5547	date:	2024-11-21T04:09:02.853

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-135578	date:	2018-08-17T00:00:00
db:	VULMON	id:	CVE-2018-5547	date:	2018-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-009341	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201808-559	date:	2018-08-20T00:00:00
db:	NVD	id:	CVE-2018-5547	date:	2018-08-17T12:29:00.517