Privilege Escalation in F5 BIG-IP by Remote Authenticated Users
CVE-2016-5020
8.8 HIGH
Summary
This vulnerability allows remote authenticated users with the Resource Administration role to modify the account configurations of other users. By supplying a crafted external Extended Application Verification (EAV) monitor script, an attacker can escalate privileges, potentially leading to unauthorized access to and manipulation of sensitive account settings. The flaw underscores the need for strict access control and prompt updates to mitigate exploitation risk.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved