Privilege escalation in BIG-IP APM

#VU14462 Privilege escalation in BIG-IP APM

Published: 2018-08-17 | Updated: 2018-08-20

Vulnerability identifier: #VU14462

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5547

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
BIG-IP APM
Hardware solutions / Security hardware applicances

Vendor: F5 Networks

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to F5 BIG-IP APM Client for Windows uses Legacy logon mode with a System account and displays a certificate user interface dialog box containing a link to the certificate policy. A local attacker can exploit the dialog box to gain administrator level privileges.

Mitigation
Update to version 7.1.7.1.

Vulnerable software versions

BIG-IP APM: 7.1.6 - 7.1.7

External links
http://support.f5.com/csp/article/K10015187

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in F5 BIG-IP APM