Unauthorized Access Vulnerability in F5 BIG-IP Edge Client for Windows
CVE-2020-5855

4.3MEDIUM

Key Information:

Vendor: F5
Status: Edge Client For Windows
Vendor: CVE Published:; 6 February 2020

Summary

The F5 BIG-IP Edge Client for Windows has a vulnerability due to its Windows Logon Integration feature. When configured, this flaw allows unauthorized individuals with physical access to an authorized user's machine to gain shell access as an unprivileged user. This could potentially lead to unauthorized actions or data exposure, emphasizing the importance of proper physical security measures in environments using this software.

Affected Version(s)

Edge Client for Windows All

References

https://support.f5.com/csp/article/K55102004

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2020
Vulnerability Reserved
Jan 6, 2020