The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.
2018-08-17T12:29:00.410
2024-11-21T04:09:02.717
Modified
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | f5 | big-ip_access_policy_manager_client | ≤ 7.1.7 | Yes |
Operating System | apple | macos | - | No |
Operating System | linux | linux_kernel | - | No |
Application | f5 | big-ip_access_policy_manager | ≤ 12.1.3 | Yes |
Operating System | apple | macos | - | No |
Operating System | linux | linux_kernel | - | No |