Race Condition Vulnerability in F5 BIG-IP APM Client for Linux and macOS
CVE-2018-15332

7 HIGH

Key Information:

Vendor: F5
CVE Published: 6 December 2018

Summary

The svpn component of the F5 BIG-IP APM client, prior to version 7.1.7.2, is susceptible to a race condition that may allow an unprivileged user to gain ownership of root-owned files on the local client machine. The vulnerability arises from the way the svpn process runs with elevated privileges. It underscores the importance of keeping client software updated and of having security practices in place to mitigate the risk of privilege escalation.

Affected Version(s)

BIG-IP (APM), BIG-IP APM Clients, BIG-IP Edge Client APM Client 7.1.5 - 7.1.7.1, Edge Client 7101 - 7150

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
