Privilege Escalation in F5 BIG-IP by Remote Authenticated Users
CVE-2016-5020
8.8 HIGH
What is CVE-2016-5020?
CVE-2016-5020 is a privilege escalation vulnerability in F5 BIG-IP that presents a significant risk: it allows remote authenticated users with the Resource Administration role to modify the account configurations of other users. Through a crafted external Extended Application Verification (EAV) monitor script, such a user can escalate privileges, potentially leading to unauthorized access to and manipulation of sensitive account settings. The flaw underlines the need for strict access control and prompt updates to reduce the risk of exploitation.