Security features bypass in APM Clients - #VU52753

 

Security features bypass in APM Clients - #VU52753

Published: April 29, 2021


Vulnerability identifier: #VU52753
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: F5 Networks
Affected software:
APM Clients

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to after generating the Diagnostics Report, command prompts with elevated privileges remain on the client Windows system. An attacker with access to the system can execute arbitrary code with elevated privileges.


Remediation

Install updates from vendor's website.

Sources