← Back

CVE-2018-15332

nvd nist
Published: Dec 6, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition.

Affected (5)

F5
2 products
Big Ip Access Policy Manager
Big Ip Access Policy Manager Client
Configuration A
5 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
From 11.5.1 to 11.6.3
Big Ip Access Policy Manager
From 12.1.0 to 12.1.3
Big Ip Access Policy Manager
From 13.0.0 to 13.1.1
Big Ip Access Policy Manager
Version 14.0.0
Big Ip Access Policy Manager Client
From 7.1.5 to 7.1.7
Running on/withPlatform Versions
Apple
Macos
All versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (4)

Source: f5sirt@f5.com
Third Party AdvisoryVDB Entry
Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.