Privilege Escalation Vulnerability in F5 BIG-IP APM Client for Linux and macOS
CVE-2018-5546
7.8 HIGH
Key Information:
- Vendor: F5
- CVE Published: 17 August 2018
Summary
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS run with elevated privileges, which allows unprivileged local users to take ownership of files owned by the root user on the client host. This can lead to unauthorized access to sensitive information and manipulation of crucial data, and it allows attackers to elevate their privileges to super-user.
Affected Version(s)
BIG-IP APM client for Linux: prior to version 7.1.7.1
BIG-IP APM client for macOS: prior to version 7.1.7.1
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved