Privilege Escalation Vulnerability in F5 BIG-IP APM Client for Linux and macOS
CVE-2018-5546

7.8HIGH

Key Information:

Vendor
F5
Status
Big-ip Apm Client For Linux
Big-ip Apm Client For Mac OS
Vendor
CVE Published:
17 August 2018

Summary

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS operate with elevated privileges, enabling unprivileged local users to take ownership of files owned by the root user on the client host. This can lead to unauthorized access to sensitive information and potential manipulation of crucial data, allowing attackers to elevate their privileges to super-user status, which presents significant security risks for affected systems.

Affected Version(s)

BIG-IP APM client for Linux Prior to version 7.1.7.1

BIG-IP APM client for macOS Prior to version 7.1.7.1

References

https://support.f5.com/csp/article/K54431371
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041510
vdb-entryx_refsource_SECTRACK
https://github.com/mirchr/security-research/blob/master/v...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.