BIG-IP Edge Client for macOS vulnerability
CVE-2023-43611

7.8HIGH

Key Information:

Vendor: F5
Status: Big-ip Edge Client
Vendor: CVE Published:; 10 October 2023

Summary

The F5 BIG-IP Edge Client Installer on macOS has a vulnerability that enables unauthorized privilege elevation during installation. This issue stems from an incomplete resolution of a prior vulnerability and emphasizes the importance of adhering to best practices in software installation processes. Users should ensure they are not operating outdated versions that have reached End of Technical Support (EoTS) to avoid exposure to this risk.

Affected Version(s)

BIG-IP Edge Client MacOS 7.2.3 < 7.2.4.4

References

https://my.f5.com/manage/s/article/K000136185

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Oct 5, 2023

Credit

F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.