BIG-IP Edge Client for macOS vulnerability
CVE-2023-5450

7.3HIGH

Key Information:

Vendor: F5
Status: Big-ip Edge Client
Vendor: CVE Published:; 10 October 2023

Summary

A vulnerability has been identified in the BIG-IP Edge Client Installer on macOS, characterized by inadequate verification of user data. This flaw could potentially enable an attacker to gain elevated privileges during the installation process, leading to unauthorized access or control over the system. It is important to note that software versions which have reached End of Technical Support (EoTS) do not fall under evaluation for this vulnerability.

Affected Version(s)

BIG-IP Edge Client MacOS 7.2.3 < 7.2.4.5

References

https://my.f5.com/manage/s/article/K000135040

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Oct 6, 2023

Credit

F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.