Security features bypass in APM Clients - #VU52753
Published: April 29, 2021
Vulnerability identifier: #VU52753
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: F5 Networks
Affected software:
APM Clients
APM Clients
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to after generating the Diagnostics Report, command prompts with elevated privileges remain on the client Windows system. An attacker with access to the system can execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.