Improper Authentication in BIG-IP APM and APM Clients - CVE-2020-5855
Published: February 6, 2020
Vulnerability identifier: #VU25003
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-5855
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP APM
APM Clients
BIG-IP APM
APM Clients
Detailed vulnerability description
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to an error when the Windows Logon Integration feature is configured for BIG-IP Edge Client. An attacker with physical access to an authorized user's machine can bypass authentication to gain unauthorized access to internal resources or compromise the availability of the resources.
How to mitigate CVE-2020-5855
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.