CVE-2020-5898

MEDIUM

BIG-IP Edge Client <7.1.10 - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K69154630

Scores

CVSS v3 5.5
EPSS 0.0007
EPSS Percentile 20.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (2)
f5/big-ip_access_policy_manager 11.6.1 - 11.6.5.1
f5/big-ip_access_policy_manager_client 7.1.5 - 7.1.9
Published May 12, 2020
Tracked Since Feb 18, 2026