CVE-2020-5855

Published: Feb 6, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 0.9 / Impact: 3.4

Source: NVD

Description

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.

Affected (6)

Products: F5: Big Ip Access Policy Manager, Big Ip Access Policy Manager Client

2 products

Big Ip Access Policy Manager

Big Ip Access Policy Manager Client

Configuration A

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 11.5.2 to 11.6.5
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.5
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.3
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.2
F5 Big Ip Access Policy Manager	From 15.0.0 to 15.1.0
F5 Big Ip Access Policy Manager Client	From 7.1.5 to 7.1.8

Running on/with	Platform Versions
Microsoft Windows	All versions

References (2)

https://support.f5.com/csp/article/K55102004

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K55102004

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.