CVE-2018-15332

7HIGH

Key Information:

Vendor
F5
Status
Big-ip (apm), Big-ip Apm Clients, Big-ip Edge Client
Vendor
CVE Published:
6 December 2018

Summary

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

Affected Version(s)

BIG-IP (APM), BIG-IP APM Clients, BIG-IP Edge Client APM Client 7.1.5 - 7.1.7.1, Edge Client 7101 - 7150

References

https://support.f5.com/csp/article/K12130880
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106135
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.