#VU25003 Improper Authentication in BIG-IP APM and APM Clients - CVE-2020-5855
Published: February 6, 2020
Vulnerability identifier: #VU25003
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-5855
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
BIG-IP APM
APM Clients
BIG-IP APM
APM Clients
Software vendor:
F5 Networks
F5 Networks
Description
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error when the Windows Logon Integration feature is configured for BIG-IP Edge Client. An attacker with physical access to an authorized user's machine can bypass authentication to gain unauthorized access to internal resources or compromise the availability of the resources.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.