← Back

CVE-2018-5546

nvd nist
Published: Aug 17, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.

Affected (2)

F5
2 products
Big Ip Access Policy Manager Client
Big Ip Access Policy Manager
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Big Ip Access Policy Manager Client
From 7.1.5 to 7.1.7
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Big Ip Access Policy Manager
From 12.1.0 to 12.1.3
Running on/withPlatform Versions
Apple
Macos
All versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

Source: f5sirt@f5.com
Broken Link
Source: f5sirt@f5.com
ExploitThird Party Advisory
Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.