Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-56433 |
CWE-ID | CWE-264 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | BIG-IP Next for Kubernetes (Operating systems & Components / Operating system) |
Vendor | F5 Networks |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU113028
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-56433
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists because shadow-utils establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks. This potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory (or to same-host resources, in the case of remote logins by these local network users).
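The overlap described above can be audited before it is abused. The following is an added example (not code from the advisory, F5, or shadow-utils): it parses /etc/subuid records and a passwd-format listing (such as the output of getent passwd, which includes directory-served accounts) and reports every real account uid that falls inside another user's subordinate range. The sample data is constructed for illustration.

```python
def parse_subuid(text):
    """Parse /etc/subuid records 'owner:start:count' into (owner, first, last) tuples."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        owner, start, count = line.split(":")
        ranges.append((owner, int(start), int(start) + int(count) - 1))
    return ranges

def parse_passwd(text):
    """Map uid -> account name from passwd-format records (e.g. output of getent passwd)."""
    accounts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        accounts[int(fields[2])] = fields[0]
    return accounts

def find_overlaps(ranges, accounts):
    """Return (subuid owner, uid, account) for every account uid that lies inside
    another user's subordinate range. Such an owner could map that uid into a
    user namespace with newuidmap and act as the account on shared storage."""
    hits = []
    for owner, first, last in ranges:
        for uid, name in sorted(accounts.items()):
            if first <= uid <= last and name != owner:
                hits.append((owner, uid, name))
    return hits

# Constructed sample data, not taken from a real host: a default-style
# allocation (65536 ids per user starting at 100000) next to a passwd view
# that includes directory accounts whose uids land in that numeric region.
SUBUID_SAMPLE = "alice:100000:65536\nbob:165536:65536\n"
PASSWD_SAMPLE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
    "carol:x:100042:100042::/nfs/home/carol:/bin/bash\n"
    "dave:x:200000:200000::/nfs/home/dave:/bin/bash\n"
)

def check_sample():
    """Run the audit over the constructed sample; returns the conflicting triples."""
    return find_overlaps(parse_subuid(SUBUID_SAMPLE), parse_passwd(PASSWD_SAMPLE))
```

On a real host, feed parse_subuid the contents of /etc/subuid and parse_passwd the output of getent passwd so that NIS/LDAP accounts are included; any hit is a range that should be moved out of the directory's uid space.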
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions: BIG-IP Next for Kubernetes: 2.0.0
CPE2.3:
External links: https://my.f5.com/manage/s/article/K000152313
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.