CVE-2017-6152

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.

CVSS v3 6.7 MEDIUM
CVSS v2.0 2.1 LOW

6.7^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/103441	Third Party Advisory VDB Entry
https://support.f5.com/csp/article/K35195140	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-08 14:29

Updated : 2023-12-10 12:30

NVD link : CVE-2017-6152

Mitre link : CVE-2017-6152

CVE.ORG link : CVE-2017-6152

JSON object : View

Products Affected

f5

big-iq_centralized_management

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2017-6152", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2018-03-08T14:29:00.303", "references": [{"url": "http://www.securityfocus.com/bid/103441", "tags": ["Third Party Advisory", "VDB Entry"], "source": "f5sirt@f5.com"}, {"url": "https://support.f5.com/csp/article/K35195140", "tags": ["Mitigation", "Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password."}, {"lang": "es", "value": "Un usuario local en F5 BIG-IQ Centralized Management 5.1.0-5.2.0 con el rol Access Manager tiene privilegios para cambiar las contrase\u00f1as de otros usuarios en el sistema, incluyendo la contrase\u00f1a de la cuenta del administrador local."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77721E26-BA5B-447E-906A-685B4948969E", "versionEndIncluding": "5.2.0", "versionStartIncluding": "5.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}