CVE-2018-5547 - OpenCVE

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
F5	Big-ip Access Policy Manager Client

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.6:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.6.1:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.7:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1041511	Third Party Advisory VDB Entry
https://support.f5.com/csp/article/K10015187	Vendor Advisory
https://support.f5.com/csp/article/K10015187?utm_source=f5support&amp%3Butm_medium=RSS

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2018-08-16T00:00:00

Updated: 2019-10-09T19:07:58

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5547

JSON object: View

NVD Information

Status : Modified

Published: 2018-08-17T12:29:00.517

Modified: 2023-11-07T02:58:48.577

Link: CVE-2018-5547

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"containers": {"cna": {"affected": [{"product": "BIG-IP APM client for Windows", "vendor": "F5 Networks, Inc.", "versions": [{"status": "affected", "version": "Prior to version 7.1.7.1"}]}], "datePublic": "2018-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges"}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T19:07:58", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K10015187"}, {"name": "1041511", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041511"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K10015187?utm_source=f5support&amp%3Butm_medium=RSS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2018-08-16T00:00:00", "ID": "CVE-2018-5547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP APM client for Windows", "version": {"version_data": [{"version_value": "Prior to version 7.1.7.1"}]}}]}, "vendor_name": "F5 Networks, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K10015187", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K10015187"}, {"name": "1041511", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041511"}, {"name": "https://support.f5.com/csp/article/K10015187?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K10015187?utm_source=f5support&utm_medium=RSS"}]}}}}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2018-5547", "datePublished": "2018-08-16T00:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2019-10-09T19:07:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "23060DCD-6F89-463F-BF27-9D3B86B15C3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7A32E2B-4891-4B61-A075-33414674EBA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9D36885D-B70E-4FBA-AAAD-8BF9B07E8A4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges"}, {"lang": "es", "value": "La caracter\u00edstica Windows Logon Integration del cliente F5 BIG-IP APM en versiones anteriores a la 7.1.7.1 para Windows utiliza de forma predeterminada el modo de inicio de sesi\u00f3n heredado, que utiliza una cuenta SYSTEM para establecer el acceso a la red. Esta funci\u00f3n muestra un cuadro de di\u00e1logo de la interfaz de usuario del certificado que contiene el enlace a la pol\u00edtica de certificados. Al hacer clic en el enlace, los usuarios sin privilegios pueden abrir cuadros de di\u00e1logo adicionales y obtener acceso al explorador de ventanas del equipo local, que se puede utilizar para obtener privilegios de administrador. Windows Logon Integration es vulnerable cuando un administrador instala el cliente APM en un equipo de usuario. Los usuarios que accedan a la m\u00e1quina local pueden obtener privilegios de administrador"}], "id": "CVE-2018-5547", "lastModified": "2023-11-07T02:58:48.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-17T12:29:00.517", "references": [{"source": "f5sirt@f5.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041511"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K10015187"}, {"source": "f5sirt@f5.com", "url": "https://support.f5.com/csp/article/K10015187?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}