CVE-2018-5547

Name of the Vulnerable Software and Affected Versions F5 BIG-IP APM client versions prior to 7.1.7.1 for Windows

Description The Windows Logon Integration feature of the F5 BIG-IP APM client uses Legacy logon mode by default, which allows unprivileged users to potentially gain administrator privileges. This occurs when the APM client is installed by an administrator on a user machine, and the user accesses the local machine. The vulnerability is exploited through the certificate user interface dialog box, which contains a link to the certificate policy. By clicking on this link, users can open additional dialog boxes and access the local machine's Windows Explorer, ultimately leading to elevated privileges.

Recommendations For versions prior to 7.1.7.1, update to version 7.1.7.1 or later to resolve the issue. As a temporary workaround, consider disabling the Windows Logon Integration feature until a patch is available. Restrict access to the local machine to minimize the risk of exploitation. Avoid using the Legacy logon mode in the APM client until the issue is resolved.