Vulnerabilities > CVE-2020-5855 - Incorrect Authorization vulnerability in F5 Big-Ip Access Policy Manager

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

CWE-863

NVD

Published: 2020-02-06

Updated: 2021-07-21

Summary

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 11.5.2 F5 BIG IP Access Policy Manager 11.5.3 F5 BIG IP Access Policy Manager 11.5.4 F5 BIG IP Access Policy Manager 11.5.4.1 F5 BIG IP Access Policy Manager 11.5.4.2 F5 BIG IP Access Policy Manager 11.5.4.2.74.291 F5 BIG IP Access Policy Manager 11.5.4.3 F5 BIG IP Access Policy Manager 11.5.4.4 F5 BIG IP Access Policy Manager 11.5.5 F5 BIG IP Access Policy Manager 11.5.6 F5 BIG IP Access Policy Manager 11.5.7 F5 BIG IP Access Policy Manager 11.5.8 F5 BIG IP Access Policy Manager 11.5.9 F5 BIG IP Access Policy Manager 11.5.10 F5 BIG IP Access Policy Manager 11.6.0 F5 BIG IP Access Policy Manager 11.6.1 F5 BIG IP Access Policy Manager 11.6.2 F5 BIG IP Access Policy Manager 11.6.3 F5 BIG IP Access Policy Manager 11.6.3.1 F5 BIG IP Access Policy Manager 11.6.3.2 F5 BIG IP Access Policy Manager 11.6.3.3 F5 BIG IP Access Policy Manager 11.6.3.4 F5 BIG IP Access Policy Manager 11.6.4 F5 BIG IP Access Policy Manager 12.1.0 F5 BIG IP Access Policy Manager 12.1.1 F5 BIG IP Access Policy Manager 12.1.2 F5 BIG IP Access Policy Manager 12.1.3 F5 BIG IP Access Policy Manager 12.1.3.1 F5 BIG IP Access Policy Manager 12.1.3.2 F5 BIG IP Access Policy Manager 12.1.3.3 F5 BIG IP Access Policy Manager 12.1.3.4 F5 BIG IP Access Policy Manager 12.1.3.5 F5 BIG IP Access Policy Manager 12.1.3.6 F5 BIG IP Access Policy Manager 12.1.3.7 F5 BIG IP Access Policy Manager 12.1.4 F5 BIG IP Access Policy Manager 12.1.4.1 F5 BIG IP Access Policy Manager 12.1.4.1.0.97.6 F5 BIG IP Access Policy Manager 12.1.4.2 F5 BIG IP Access Policy Manager 13.1.0 F5 BIG IP Access Policy Manager 13.1.0.1 F5 BIG IP Access Policy Manager 13.1.0.2 F5 BIG IP Access Policy Manager 13.1.0.3 F5 BIG IP Access Policy Manager 13.1.0.4 F5 BIG IP Access Policy Manager 13.1.0.5 F5 BIG IP Access Policy Manager 13.1.0.6 F5 BIG IP Access Policy Manager 13.1.0.7 F5 BIG IP Access Policy Manager 13.1.0.8 F5 BIG IP Access Policy Manager 13.1.1 F5 BIG IP Access Policy Manager 13.1.1.1 F5 BIG IP Access Policy Manager 13.1.1.2 F5 BIG IP Access Policy Manager 13.1.1.3 F5 BIG IP Access Policy Manager 13.1.1.4 F5 BIG IP Access Policy Manager 13.1.1.5 F5 BIG IP Access Policy Manager 13.1.2 F5 BIG IP Access Policy Manager 14.1.0 F5 BIG IP Access Policy Manager 14.1.0.1 F5 BIG IP Access Policy Manager 14.1.0.2 F5 BIG IP Access Policy Manager 14.1.0.2.0.45.4 F5 BIG IP Access Policy Manager 14.1.0.2.0.62.4 F5 BIG IP Access Policy Manager 14.1.0.3 F5 BIG IP Access Policy Manager 14.1.0.3.0.79.6 F5 BIG IP Access Policy Manager 14.1.0.3.0.97.6 F5 BIG IP Access Policy Manager 14.1.0.3.0.99.6 F5 BIG IP Access Policy Manager 14.1.0.5 F5 BIG IP Access Policy Manager 14.1.0.5.0.15.5 F5 BIG IP Access Policy Manager 14.1.0.5.0.36.5 F5 BIG IP Access Policy Manager 14.1.0.5.0.40.5 F5 BIG IP Access Policy Manager 14.1.0.6 F5 BIG IP Access Policy Manager 14.1.0.6.0.11.9 F5 BIG IP Access Policy Manager 14.1.0.6.0.14.9 F5 BIG IP Access Policy Manager 14.1.0.6.0.68.9 F5 BIG IP Access Policy Manager 14.1.0.6.0.70.9 F5 BIG IP Access Policy Manager 14.1.2 F5 BIG IP Access Policy Manager 15.0.0 F5 BIG IP Access Policy Manager 15.0.1 F5 BIG IP Access Policy Manager 15.0.1.0.33.11 F5 BIG IP Access Policy Manager 15.0.1.0.48.11 F5 BIG IP Access Policy Manager 15.0.1.1 F5 BIG IP Access Policy Manager 15.0.1.2 F5 BIG IP Access Policy Manager 15.0.1.3 F5 BIG IP Access Policy Manager 15.0.1.4 F5 BIG IP Access Policy Manager 15.1.0 F5 BIG IP Access Policy Manager Client 7.1.5 F5 BIG IP Access Policy Manager Client 7.1.6 F5 BIG IP Access Policy Manager Client 7.1.6.1 F5 BIG IP Access Policy Manager Client 7.1.7 F5 BIG IP Access Policy Manager Client 7.1.8	95
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://support.f5.com/csp/article/K55102004