Race Condition Vulnerability in F5 BIG-IP APM Client for Linux and macOS
CVE-2018-15332

7HIGH

Key Information:

Vendor: F5
Status: Big-ip (apm), Big-ip Apm Clients, Big-ip Edge Client
Vendor: CVE Published:; 6 December 2018

Summary

The svpn component of the F5 BIG-IP APM client, prior to version 7.1.7.2, is susceptible to a race condition that allows unprivileged users to potentially gain ownership of root-owned files on their local client machines. This vulnerability arises from the way the svpn process runs with elevated privileges, creating a risk that can be exploited if not properly addressed. It underscores the importance of keeping software updated and ensuring that security practices are in place to mitigate risks associated with potential privilege escalations.

Affected Version(s)

BIG-IP (APM), BIG-IP APM Clients, BIG-IP Edge Client APM Client 7.1.5 - 7.1.7.1, Edge Client 7101 - 7150

References

https://support.f5.com/csp/article/K12130880

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106135

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2018
Vulnerability Reserved
Aug 14, 2018