PT-2018-8299 · F5 · F5 Big-Iq Centralized Management

Published

2018-03-08

Updated

2019-10-03

CVE-2017-6152

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IQ Centralized Management versions 5.1.0 through 5.2.0

Description A local user with the Access Manager role has the ability to change the passwords of other users on the system, including the local admin account password.

Recommendations For F5 BIG-IQ Centralized Management versions 5.1.0 through 5.2.0, consider restricting the privileges of the Access Manager role to prevent unauthorized password changes. As a temporary workaround, monitor user account activity closely and restrict access to the system to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2017-6152

Affected Products

F5 Big-Iq Centralized Management

PT-2018-8299 · F5 · F5 Big-Iq Centralized Management

CVE-2017-6152

Weakness Enumeration

Related Identifiers

Affected Products

References · 4