How severe is CVE-2018-5547?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-5547?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2018-5547

HIGH Year: 2018

CVSS v3 Score

7.8

High

CVSS v2 Score

7.2

High

Weakness Type

CWE-862

View all →

Vulnerability Description

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges

CVE-2012-0055

HIGH

CVSS:7.8(High)

OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unaut...

CWE-8622012

CVE-2015-0571

HIGH

CVSS:7.8(High)

The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for p...

CWE-8622015

CVE-2017-0554

HIGH

CVSS:7.8(High)

An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate b...

CWE-8622017

CVE-2017-11042

HIGH

CVSS:7.8(High)

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.

CWE-8622017

CVE-2017-13209

HIGH

CVSS:7.8(High)

In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL ...

CWE-8622017

CVE-2017-13247

HIGH

CVSS:7.8(High)

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User inte...

CWE-8622017

CVE-2018-5547

Vulnerability Description

Related Vulnerabilities

CVE-2012-0055

CVE-2015-0571

CVE-2017-0554

CVE-2017-11042

CVE-2017-13209

CVE-2017-13247