Permissions, Privileges, and Access Controls in BIG-IP APM and APM Clients - CVE-2020-5896

 


Published: May 13, 2020


Vulnerability identifier: #VU27873
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-5896
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
BIG-IP APM
APM Clients
Software vendor:
F5 Networks

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the temporary folder used by the BIG-IP Edge Client Windows Installer Service has weak file and folder permissions. A local user can execute signed .exe and MSI files and gain elevated privileges on the client Windows system.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links