{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T17:18:32.157","vulnerabilities":[{"cve":{"id":"CVE-2018-5547","sourceIdentifier":"f5sirt@f5.com","published":"2018-08-17T12:29:00.517","lastModified":"2024-11-21T04:09:02.853","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges"},{"lang":"es","value":"La característica Windows Logon Integration del cliente F5 BIG-IP APM en versiones anteriores a la 7.1.7.1 para Windows utiliza de forma predeterminada el modo de inicio de sesión heredado, que utiliza una cuenta SYSTEM para establecer el acceso a la red. Esta función muestra un cuadro de diálogo de la interfaz de usuario del certificado que contiene el enlace a la política de certificados. Al hacer clic en el enlace, los usuarios sin privilegios pueden abrir cuadros de diálogo adicionales y obtener acceso al explorador de ventanas del equipo local, que se puede utilizar para obtener privilegios de administrador. Windows Logon Integration es vulnerable cuando un administrador instala el cliente APM en un equipo de usuario. Los usuarios que accedan a la máquina local pueden obtener privilegios de administrador"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.6:*:*:*:*:*:*:*","matchCriteriaId":"23060DCD-6F89-463F-BF27-9D3B86B15C3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"A7A32E2B-4891-4B61-A075-33414674EBA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager_client:7.1.7:*:*:*:*:*:*:*","matchCriteriaId":"9D36885D-B70E-4FBA-AAAD-8BF9B07E8A4E"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1041511","source":"f5sirt@f5.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.f5.com/csp/article/K10015187","source":"f5sirt@f5.com","tags":["Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K10015187?utm_source=f5support&amp%3Butm_medium=RSS","source":"f5sirt@f5.com"},{"url":"http://www.securitytracker.com/id/1041511","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.f5.com/csp/article/K10015187","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K10015187?utm_source=f5support&amp%3Butm_medium=RSS","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}