
    27 vulnerabilities found for BIG-IP Edge Client by F5

    CVE-2026-20730 (GCVE-0-2026-20730)

    Vulnerability from nvd – Published: 2026-02-04 15:02 – Updated: 2026-02-04 16:10
    VLAI
    Title
    BIG-IP Edge Client for Windows vulnerability
    Summary
    A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.5 , < 7.2.6.2 (custom)
    Date Public
    2026-02-04 15:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T16:09:05.798351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T16:10:57.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.6.2",
                  "status": "affected",
                  "version": "7.2.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-02-04T15:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T15:02:04.810Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000158931"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-20730",
        "datePublished": "2026-02-04T15:02:04.810Z",
        "dateReserved": "2026-01-21T21:33:16.349Z",
        "dateUpdated": "2026-02-04T16:10:57.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48500 (GCVE-0-2025-48500)

    Vulnerability from nvd – Published: 2025-08-13 14:46 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BIG-IP APM VPN web client for macOS vulnerability
    Summary
    A missing file integrity check vulnerability exists in the F5 VPN browser client installer for macOS that may allow a local, authenticated attacker with access to the local file system to replace that installer with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.4 , < 7.2.5.3 (custom)
    F5 BIG-IP Affected: 17.5.0 , < * (custom)
    Affected: 17.1.0 , < * (custom)
    Affected: 16.1.0 , < * (custom)
    Affected: 15.1.0 , < * (custom)
    Date Public
    2025-08-13 14:00
    Credits
    F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48500",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T03:56:00.540232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:40.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "BIG-IP Edge Client for MacOS"
              ],
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.5.3",
                  "status": "affected",
                  "version": "7.2.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2025-08-13T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e"
                }
              ],
              "value": "A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u00a0\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353: Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-13T14:46:54.682Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000151782"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM VPN web client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2025-48500",
        "datePublished": "2025-08-13T14:46:54.682Z",
        "dateReserved": "2025-07-29T17:12:25.024Z",
        "dateUpdated": "2026-02-26T17:48:40.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28883 (GCVE-0-2024-28883)

    Vulnerability from nvd – Published: 2024-05-08 15:01 – Updated: 2024-08-02 01:03
    VLAI
    Title
    BIG-IP APM browser network access VPN client vulnerability
    Summary
    An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.4 (custom)
    F5 BIG-IP Affected: 17.1.0 , < 17.1.1 (custom)
    Affected: 16.1.0 , < 16.1.4.2 (custom)
    Affected: 15.1.0 , < 15.1.10.3 (custom)
    f5 big-ip Affected: 17.1.0
    Affected: 16.1.0 , ≤ 16.1.4 (custom)
    Affected: 15.1.0 , ≤ 15.1.10 (custom)
        cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
    f5 apm_clients Affected: 7.2.3 , ≤ 7.2.4 (custom)
        cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*
    Date Public
    2024-05-08 14:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip",
                "vendor": "f5",
                "versions": [
                  {
                    "status": "affected",
                    "version": "17.1.0"
                  },
                  {
                    "lessThanOrEqual": "16.1.4",
                    "status": "affected",
                    "version": "16.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "15.1.10",
                    "status": "affected",
                    "version": "15.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apm_clients",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T19:53:38.815787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T20:11:20.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "ADP Container"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:50.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000138744"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "Linux",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "17.1.1",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.4.2",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.10.3",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2024-05-08T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An origin validation vulnerability exists in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM browser network access VPN client \u003c/span\u003e\n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "An origin validation vulnerability exists in \n\nBIG-IP APM browser network access VPN client \n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-08T15:01:24.931Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000138744"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP APM browser network access VPN client vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2024-28883",
        "datePublished": "2024-05-08T15:01:24.931Z",
        "dateReserved": "2024-04-24T21:34:20.645Z",
        "dateUpdated": "2024-08-02T01:03:50.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5450 (GCVE-0-2023-5450)

    Vulnerability from nvd – Published: 2023-10-10 12:31 – Updated: 2024-09-13 16:41
    VLAI
    Title
    BIG-IP Edge Client for macOS vulnerability
    Summary
    An insufficient verification of data vulnerability exists in the BIG-IP Edge Client Installer on macOS that may allow an attacker to elevate privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.5 (semver)
    f5 big-ip_access_policy_manager Affected: 17.1.0 , < 17.1.1.1 (custom)
    Affected: 16.1.0 , < 16.1.4.2 (custom)
    Affected: 15.1.0 , < 15.1.10.3 (custom)
        cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
    f5 access_policy_manager_clients Affected: 7.2.3 , < 7.2.5 (custom)
        cpe:2.3:a:f5:access_policy_manager_clients:*:*:*:*:*:*:*:*
    Date Public
    2023-08-02 14:00
    Credits
    F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.760Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000135040"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip_access_policy_manager",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "17.1.1.1",
                    "status": "affected",
                    "version": "17.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "16.1.4.2",
                    "status": "affected",
                    "version": "16.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "15.1.10.3",
                    "status": "affected",
                    "version": "15.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:f5:access_policy_manager_clients:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "access_policy_manager_clients",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "7.2.5",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T16:33:52.624501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T16:41:55.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.5",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-08-02T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.\u0026nbsp;\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345 Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T12:31:48.600Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000135040"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-5450",
        "datePublished": "2023-10-10T12:31:48.600Z",
        "dateReserved": "2023-10-06T16:06:33.781Z",
        "dateUpdated": "2024-09-13T16:41:55.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43611 (GCVE-0-2023-43611)

    Vulnerability from nvd – Published: 2023-10-10 12:34 – Updated: 2024-09-19 13:33
    VLAI
    Title
    BIG-IP Edge Client for macOS vulnerability
    Summary
    The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.4 (semver)
    f5 big-ip_edge_client Affected: 7.2.3 , < 7.2.4.4 (semver)
        cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*
    Date Public
    2023-10-18 14:00
    Credits
    F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:43.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136185"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip_edge_client",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "7.2.4.4",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T13:32:27.232117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T13:33:37.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-10-18T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u0026nbsp; This vulnerability is due to an incomplete fix for CVE-2023-38418.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u00a0 This vulnerability is due to an incomplete fix for CVE-2023-38418.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T12:34:29.102Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136185"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43611",
        "datePublished": "2023-10-10T12:34:29.102Z",
        "dateReserved": "2023-10-05T19:17:25.717Z",
        "dateUpdated": "2024-09-19T13:33:37.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43125 (GCVE-0-2023-43125)

    Vulnerability from nvd – Published: 2023-09-27 15:22 – Updated: 2024-09-24 13:13
    VLAI
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < * (semver)
    F5 F5 Access Affected: 3.0 , < * (semver)
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136909"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T13:13:02.532926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T13:13:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "iOS",
                "Android"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:22:07.212Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136909"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43125",
        "datePublished": "2023-09-27T15:22:07.212Z",
        "dateReserved": "2023-09-18T15:33:53.948Z",
        "dateUpdated": "2024-09-24T13:13:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43124 (GCVE-0-2023-43124)

    Vulnerability from nvd – Published: 2023-09-27 15:21 – Updated: 2024-09-23 15:06
    VLAI
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < * (semver)
    F5 F5 Access Affected: 3.0 , < * (semver)
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136907"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:38:51.284696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T15:06:23.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android",
                "iOS"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:21:50.794Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136907"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43124",
        "datePublished": "2023-09-27T15:21:50.794Z",
        "dateReserved": "2023-09-18T15:33:53.947Z",
        "dateUpdated": "2024-09-23T15:06:23.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38418 (GCVE-0-2023-38418)

    Vulnerability from nvd – Published: 2023-08-02 15:55 – Updated: 2024-10-17 18:47
    VLAI
    Title
    BIG-IP Edge Client for macOS vulnerability
    Summary
    The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.3 (semver)
    Date Public
    2023-01-01 00:00
    Credits
    F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:39:13.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000134746"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T18:47:14.302987Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T18:47:23.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.3",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-01-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T15:55:17.276Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000134746"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-38418",
        "datePublished": "2023-08-02T15:55:17.276Z",
        "dateReserved": "2023-07-17T22:41:24.603Z",
        "dateUpdated": "2024-10-17T18:47:23.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36858 (GCVE-0-2023-36858)

    Vulnerability from nvd – Published: 2023-08-02 15:54 – Updated: 2024-10-17 18:49
    VLAI
    Title
    BIG-IP Edge Client for Windows and macOS vulnerability
    Summary
    An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.3 (semver)
    f5 big-ip_edge_client Affected: 7.2.3 , < 7.2.4.3 (semver)
        cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*
    Date Public
    2023-08-02 14:00
    Credits
    F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000132563"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip_edge_client",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "7.2.4.3",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T18:48:17.923251Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T18:49:54.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.3",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-08-02T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nAn insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345 Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T15:54:34.803Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000132563"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows and macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-36858",
        "datePublished": "2023-08-02T15:54:34.803Z",
        "dateReserved": "2023-07-17T22:41:24.587Z",
        "dateUpdated": "2024-10-17T18:49:54.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24461 (GCVE-0-2023-24461)

    Vulnerability from nvd – Published: 2023-05-03 14:31 – Updated: 2025-01-29 21:41
    VLAI
    Title
    BIG-IP Edge Client for Windows and macOS vulnerability
    Summary
    An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.2 , < 7.2.4.1 (semver)
    Date Public
    2023-05-03 14:00
    Credits
    F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.090Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000132539"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T21:41:18.993850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T21:41:27.510Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.1",
                  "status": "affected",
                  "version": "7.2.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-05-03T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eimproper certificate validation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nAn improper certificate validation\u00a0vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T14:31:08.249Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000132539"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows and macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-24461",
        "datePublished": "2023-05-03T14:31:08.249Z",
        "dateReserved": "2023-04-14T23:08:02.602Z",
        "dateUpdated": "2025-01-29T21:41:27.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22372 (GCVE-0-2023-22372)

    Vulnerability from nvd – Published: 2023-05-03 14:30 – Updated: 2025-01-29 21:45
    VLAI
    Title
    BIG-IP Edge Client for Windows and Mac OS vulnerability
    Summary
    In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.2 , < 7.2.4.1 (semver)
    Date Public
    2023-05-03 14:00
    Credits
    F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:06.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000132522"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T21:45:19.217570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T21:45:41.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.1",
                  "status": "affected",
                  "version": "7.2.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-05-03T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nIn the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-924",
                  "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T14:30:55.988Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000132522"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows and Mac OS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-22372",
        "datePublished": "2023-05-03T14:30:55.988Z",
        "dateReserved": "2023-04-14T23:08:02.598Z",
        "dateUpdated": "2025-01-29T21:45:41.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20730 (GCVE-0-2026-20730)

    Vulnerability from cvelistv5 – Published: 2026-02-04 15:02 – Updated: 2026-02-04 16:10
    VLAI
    Title
    BIG-IP Edge Client for Windows vulnerability
    Summary
    A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.5 , < 7.2.6.2 (custom)
    Date Public
    2026-02-04 15:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T16:09:05.798351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T16:10:57.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.6.2",
                  "status": "affected",
                  "version": "7.2.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-02-04T15:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T15:02:04.810Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000158931"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-20730",
        "datePublished": "2026-02-04T15:02:04.810Z",
        "dateReserved": "2026-01-21T21:33:16.349Z",
        "dateUpdated": "2026-02-04T16:10:57.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48500 (GCVE-0-2025-48500)

    Vulnerability from cvelistv5 – Published: 2025-08-13 14:46 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BIG-IP APM VPN web client for macOS vulnerability
    Summary
    A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.4 , < 7.2.5.3 (custom)
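    F5 BIG-IP Affected: 17.5.0 , < * (custom)
    Affected: 17.1.0 , < * (custom)
    Affected: 16.1.0 , < * (custom)
    Affected: 15.1.0 , < * (custom)
    Note: in each BIG-IP range above the upper bound "*" is open-ended, so the record lists no fixed BIG-IP version; the affected module is APM, and versions outside the listed ranges default to "unaffected".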
    Date Public
    2025-08-13 14:00
    Credits
    F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48500",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T03:56:00.540232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:40.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "BIG-IP Edge Client for MacOS"
              ],
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.5.3",
                  "status": "affected",
                  "version": "7.2.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2025-08-13T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e"
                }
              ],
              "value": "A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u00a0\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353: Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-13T14:46:54.682Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000151782"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM VPN web client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2025-48500",
        "datePublished": "2025-08-13T14:46:54.682Z",
        "dateReserved": "2025-07-29T17:12:25.024Z",
        "dateUpdated": "2026-02-26T17:48:40.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28883 (GCVE-0-2024-28883)

    Vulnerability from cvelistv5 – Published: 2024-05-08 15:01 – Updated: 2024-08-02 01:03
    Title
    BIG-IP APM browser network access VPN client vulnerability
    Summary
    An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.4 (custom)
    F5 BIG-IP Affected: 17.1.0 , < 17.1.1 (custom)
    Affected: 16.1.0 , < 16.1.4.2 (custom)
    Affected: 15.1.0 , < 15.1.10.3 (custom)
    f5 big-ip Affected: 17.1.0
    Affected: 16.1.0 , ≤ 16.1.4 (custom)
    Affected: 15.1.0 , ≤ 15.1.10 (custom)
        cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
    f5 apm_clients Affected: 7.2.3 , ≤ 7.2.4 (custom)
        cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*
    Date Public
    2024-05-08 14:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip",
                "vendor": "f5",
                "versions": [
                  {
                    "status": "affected",
                    "version": "17.1.0"
                  },
                  {
                    "lessThanOrEqual": "16.1.4",
                    "status": "affected",
                    "version": "16.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "15.1.10",
                    "status": "affected",
                    "version": "15.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apm_clients",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T19:53:38.815787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T20:11:20.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "ADP Container"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:50.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000138744"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "Linux",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "17.1.1",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.4.2",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.10.3",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2024-05-08T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An origin validation vulnerability exists in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM browser network access VPN client \u003c/span\u003e\n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "An origin validation vulnerability exists in \n\nBIG-IP APM browser network access VPN client \n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-08T15:01:24.931Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000138744"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP APM browser network access VPN client vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2024-28883",
        "datePublished": "2024-05-08T15:01:24.931Z",
        "dateReserved": "2024-04-24T21:34:20.645Z",
        "dateUpdated": "2024-08-02T01:03:50.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43611 (GCVE-0-2023-43611)

    Vulnerability from cvelistv5 – Published: 2023-10-10 12:34 – Updated: 2024-09-19 13:33
    Title
    BIG-IP Edge Client for macOS vulnerability
    Summary
    The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.4 (semver)
    f5 big-ip_edge_client Affected: 7.2.3 , < 7.2.4.4 (semver)
        cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*
    Date Public
    2023-10-18 14:00
    Credits
    F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:43.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136185"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip_edge_client",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "7.2.4.4",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T13:32:27.232117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T13:33:37.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-10-18T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u0026nbsp; This vulnerability is due to an incomplete fix for CVE-2023-38418.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u00a0 This vulnerability is due to an incomplete fix for CVE-2023-38418.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T12:34:29.102Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136185"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43611",
        "datePublished": "2023-10-10T12:34:29.102Z",
        "dateReserved": "2023-10-05T19:17:25.717Z",
        "dateUpdated": "2024-09-19T13:33:37.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5450 (GCVE-0-2023-5450)

    Vulnerability from cvelistv5 – Published: 2023-10-10 12:31 – Updated: 2024-09-13 16:41
    Title
    BIG-IP Edge Client for macOS vulnerability
    Summary
    An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker to elevate privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.5 (semver)
    f5 big-ip_access_policy_manager Affected: 17.1.0 , < 17.1.1.1 (custom)
    Affected: 16.1.0 , < 16.1.4.2 (custom)
    Affected: 15.1.0 , < 15.1.10.3 (custom)
        cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
    f5 access_policy_manager_clients Affected: 7.2.3 , < 7.2.5 (custom)
        cpe:2.3:a:f5:access_policy_manager_clients:*:*:*:*:*:*:*:*
    Date Public
    2023-08-02 14:00
    Credits
    F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.760Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000135040"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip_access_policy_manager",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "17.1.1.1",
                    "status": "affected",
                    "version": "17.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "16.1.4.2",
                    "status": "affected",
                    "version": "16.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "15.1.10.3",
                    "status": "affected",
                    "version": "15.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:f5:access_policy_manager_clients:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "access_policy_manager_clients",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "7.2.5",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T16:33:52.624501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T16:41:55.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.5",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-08-02T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.\u0026nbsp;\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "\nAn insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345 Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-10T12:31:48.600Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000135040"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-5450",
        "datePublished": "2023-10-10T12:31:48.600Z",
        "dateReserved": "2023-10-06T16:06:33.781Z",
        "dateUpdated": "2024-09-13T16:41:55.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43125 (GCVE-0-2023-43125)

    Vulnerability from cvelistv5 – Published: 2023-09-27 15:22 – Updated: 2024-09-24 13:13
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < * (semver)
    F5 F5 Access Affected: 3.0 , < * (semver)
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136909"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T13:13:02.532926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T13:13:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "iOS",
                "Android"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:22:07.212Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136909"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43125",
        "datePublished": "2023-09-27T15:22:07.212Z",
        "dateReserved": "2023-09-18T15:33:53.948Z",
        "dateUpdated": "2024-09-24T13:13:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43124 (GCVE-0-2023-43124)

    Vulnerability from cvelistv5 – Published: 2023-09-27 15:21 – Updated: 2024-09-23 15:06
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < * (semver; "*" as the upper limit means no upper bound, i.e. 7.2.3 and every later version)
    F5 F5 Access Affected: 3.0 , < * (semver; "*" as the upper limit means no upper bound, i.e. 3.0 and every later version)
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136907"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:38:51.284696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T15:06:23.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android",
                "iOS"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:21:50.794Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136907"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43124",
        "datePublished": "2023-09-27T15:21:50.794Z",
        "dateReserved": "2023-09-18T15:33:53.947Z",
        "dateUpdated": "2024-09-23T15:06:23.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38418 (GCVE-0-2023-38418)

    Vulnerability from cvelistv5 – Published: 2023-08-02 15:55 – Updated: 2024-10-17 18:47
    Title
    BIG-IP Edge Client for macOS vulnerability
    Summary
    The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.3 (semver)
    Date Public
    2023-01-01 00:00
    Credits
    F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:39:13.481Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000134746"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T18:47:14.302987Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T18:47:23.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.3",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-01-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347 Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T15:55:17.276Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000134746"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-38418",
        "datePublished": "2023-08-02T15:55:17.276Z",
        "dateReserved": "2023-07-17T22:41:24.603Z",
        "dateUpdated": "2024-10-17T18:47:23.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36858 (GCVE-0-2023-36858)

    Vulnerability from cvelistv5 – Published: 2023-08-02 15:54 – Updated: 2024-10-17 18:49
    Title
    BIG-IP Edge Client for Windows and macOS vulnerability
    Summary
    An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.3 (semver)
    f5 big-ip_edge_client Affected: 7.2.3 , < 7.2.4.3 (semver)
        cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*
    Date Public
    2023-08-02 14:00
    Credits
    F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000132563"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip_edge_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip_edge_client",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThan": "7.2.4.3",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36858",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T18:48:17.923251Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T18:49:54.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.3",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-08-02T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nAn insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345 Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T15:54:34.803Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000132563"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows and macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-36858",
        "datePublished": "2023-08-02T15:54:34.803Z",
        "dateReserved": "2023-07-17T22:41:24.587Z",
        "dateUpdated": "2024-10-17T18:49:54.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24461 (GCVE-0-2023-24461)

    Vulnerability from cvelistv5 – Published: 2023-05-03 14:31 – Updated: 2025-01-29 21:41
    Title
    BIG-IP Edge Client for Windows and macOS vulnerability
    Summary
    An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.2 , < 7.2.4.1 (semver)
    Date Public
    2023-05-03 14:00
    Credits
    F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:04.090Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000132539"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24461",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T21:41:18.993850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T21:41:27.510Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.1",
                  "status": "affected",
                  "version": "7.2.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-05-03T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eimproper certificate validation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nAn improper certificate validation\u00a0vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T14:31:08.249Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000132539"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows and macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-24461",
        "datePublished": "2023-05-03T14:31:08.249Z",
        "dateReserved": "2023-04-14T23:08:02.602Z",
        "dateUpdated": "2025-01-29T21:41:27.510Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22372 (GCVE-0-2023-22372)

    Vulnerability from cvelistv5 – Published: 2023-05-03 14:30 – Updated: 2025-01-29 21:45
    VLAI
    Title
    BIG-IP Edge Client for Windows and Mac OS vulnerability
    Summary
    In the pre-connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.2 , < 7.2.4.1 (semver)
    Date Public
    2023-05-03 14:00
    Credits
    F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:07:06.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000132522"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T21:45:19.217570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-29T21:45:41.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.1",
                  "status": "affected",
                  "version": "7.2.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2023-05-03T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "\nIn the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-924",
                  "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-03T14:30:55.988Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000132522"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows and Mac OS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-22372",
        "datePublished": "2023-05-03T14:30:55.988Z",
        "dateReserved": "2023-04-14T23:08:02.598Z",
        "dateUpdated": "2025-01-29T21:45:41.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201810-0912

    Vulnerability from variot - Updated: 2024-11-23 23:04

    In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypasses the endpoint checks. Multiple F5 BIG-IP products are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Edge Client is an integrated remote access client used in BIG-IP solutions. A local attacker could exploit this vulnerability to bypass endpoint detection.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0912",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip edge client",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7160"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.6"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip edge client",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7101"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "13.0.0 to  13.1.1.1"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "7.1.5 to  7.1.6"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "7101 to  7160"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.8"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.7"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.4"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "7.1.6"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7160"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7150"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7101"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.6"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.6.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1.0.8"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1.0.6"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1.0.5"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1.0.4"
          },
          {
            "model": "big-ip edge client",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7170"
          },
          {
            "model": "big-ip apm clients",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.7"
          },
          {
            "model": "big-ip apm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1.1.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "105731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager_client",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_edge",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "105731"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-15316",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-15316",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "VHN-125563",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-15316",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-15316",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-15316",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-1094",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-125563",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks. Multiple F5 BIG-IP Products are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security  restrictions and perform unauthorized actions; this may aid in launching  further attacks. Edge Client is an integrated remote access client used in BIG-IP solutions. A local attacker could exploit this vulnerability to bypass endpoint detection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-15316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "BID",
            "id": "105731"
          },
          {
            "db": "VULHUB",
            "id": "VHN-125563"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-15316",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105731",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1041936",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-125563",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125563"
          },
          {
            "db": "BID",
            "id": "105731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "id": "VAR-201810-0912",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125563"
          }
        ],
        "trust": 0.5444825600000001
      },
      "last_update_date": "2024-11-23T23:04:57.036000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K51220077",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K51220077"
          },
          {
            "title": "F5 BIG-IP APM , APM Client  and Edge Client Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86220"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://support.f5.com/csp/article/k51220077"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105731"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1041936"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15316"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15316"
          },
          {
            "trust": 0.3,
            "url": "http://www.f5.com/products/big-ip/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-125563"
          },
          {
            "db": "BID",
            "id": "105731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-125563"
          },
          {
            "db": "BID",
            "id": "105731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125563"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "BID",
            "id": "105731"
          },
          {
            "date": "2019-01-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "date": "2018-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          },
          {
            "date": "2018-10-19T13:29:00.587000",
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-125563"
          },
          {
            "date": "2018-10-18T00:00:00",
            "db": "BID",
            "id": "105731"
          },
          {
            "date": "2019-01-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          },
          {
            "date": "2024-11-21T03:50:32.690000",
            "db": "NVD",
            "id": "CVE-2018-15316"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  F5 Vulnerabilities related to security functions in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011247"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1094"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0372

    Vulnerability from variot - Updated: 2024-11-23 22:45

    The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and, through a race condition, can allow an unprivileged user to take ownership of files owned by root on the local client host. F5 BIG-IP APM Client is prone to a local privilege escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. BIG-IP APM Client versions prior to 7.1.7.2 are vulnerable. The record below tracks this issue as CVE-2018-15332 (CWE-362) and references F5 advisory K12130880.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0372",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "f5",
            "version": "14.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.6.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.7"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "f5",
            "version": "7.1.7.2   (linux and  macos)"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.8"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.7"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "7.1.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.0.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "13.1.1"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "7.1.7"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "7.1.6"
          },
          {
            "model": "big-ip access policy manager client",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7150"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7101"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.7"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.6"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.7.1"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.6.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "14.0"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.3"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.3"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.2"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.6"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.5"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "model": "big-ip apm clients",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.7.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager_client",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rich Mirch",
        "sources": [
          {
            "db": "BID",
            "id": "106135"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-15332",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "id": "CVE-2018-15332",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2018-15332",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-15332",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-15332",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-237",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-15332",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition. F5 BIG-IP APM Client is prone to a local privilege escalation vulnerability. \nLocal attackers may exploit this issue to gain elevated privileges. \nBIG-IP APM Client prior to 7.1.7.2 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-15332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "BID",
            "id": "106135"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15332"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-15332",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "106135",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15332",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15332"
          },
          {
            "db": "BID",
            "id": "106135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "id": "VAR-201812-0372",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.44448256
      },
      "last_update_date": "2024-11-23T22:45:08.441000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K12130880",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K12130880"
          },
          {
            "title": "F5 BIG-IP APM  and BIG-IP APM Clients svpn Fixes for component security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87513"
          },
          {
            "title": "security-research",
            "trust": 0.1,
            "url": "https://github.com/mirchr/security-research "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-362",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://support.f5.com/csp/article/k12130880"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/106135"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15332"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15332"
          },
          {
            "trust": 0.3,
            "url": "http://www.f5.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/362.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/mirchr/security-research"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15332"
          },
          {
            "db": "BID",
            "id": "106135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15332"
          },
          {
            "db": "BID",
            "id": "106135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15332"
          },
          {
            "date": "2018-12-06T00:00:00",
            "db": "BID",
            "id": "106135"
          },
          {
            "date": "2019-02-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "date": "2018-12-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          },
          {
            "date": "2018-12-06T13:29:00.247000",
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-09-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15332"
          },
          {
            "date": "2018-12-06T00:00:00",
            "db": "BID",
            "id": "106135"
          },
          {
            "date": "2019-02-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          },
          {
            "date": "2021-09-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          },
          {
            "date": "2024-11-21T03:50:35.043000",
            "db": "NVD",
            "id": "CVE-2018-15332"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "106135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linux and  macOS for  F5 BIG-IP APM client Race condition vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013272"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "competition condition problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-237"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-2198

    Vulnerability from variot - Updated: 2024-11-23 22:41

    The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service. The F5 BIG-IP APM client contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). F5 BIG-IP APM Client is prone to a local privilege escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. The software primarily provides unified access to business-critical applications and networks. svpn is one of the VPN components. policyserver is one of the policy servers. There are security vulnerabilities in the svpn and policyserver components of F5 BIG-IP APM client versions earlier than 7.1.7.1 on the Linux and macOS platforms. Note that the aggregated source descriptions differ on the affected version boundary (7.1.7 versus 7.1.7.1); confirm the fixed release against the vendor advisory.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2198",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.6.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip edge",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7101"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.0.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "11.5.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip edge",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7150"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "11.5.1 to  11.5.6"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "12.1.0 to  12.1.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "13.0.0 to  13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f5",
            "version": "clients 7.1.5 to  7.1.6.1"
          },
          {
            "model": "big-ip edge client",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "f5",
            "version": "11.5.5"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7150"
          },
          {
            "model": "big-ip edge client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7101"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.5"
          },
          {
            "model": "big-ip apm clients",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.6.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "13.0"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.3"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.2"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.6"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.5"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.3"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "12.1.0"
          },
          {
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.4"
          },
          {
            "model": "big-ip apm clients",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f5",
            "version": "7.1.7"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "104730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_access_policy_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f5:big-ip_edge",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Rich Mirch",
        "sources": [
          {
            "db": "BID",
            "id": "104730"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-5529",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5529",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-135577",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-135560",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2018-5529",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5529",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5529",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-1120",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135577",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135560",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5529",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service. F5 BIG-IP APM client Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP APM Client is prone to a local privilege escalation vulnerability. \nLocal attackers may exploit this issue to gain elevated privileges. The software primarily provides unified access to business-critical applications and networks. svpn is one of the VPN components. policyserver is one of the policy servers. There are security vulnerabilities in the svpn and policyserver components of F5 BIG-IP APM client versions earlier than 7.1.7.1 based on Linux and macOS platforms",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "BID",
            "id": "104730"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5529"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5529",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "104730",
            "trust": 2.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-560",
            "trust": 0.1
          },
          {
            "db": "SECTRACK",
            "id": "1041510",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-135577",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5529",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5529"
          },
          {
            "db": "BID",
            "id": "104730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "id": "VAR-201807-2198",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560"
          }
        ],
        "trust": 0.64448256
      },
      "last_update_date": "2024-11-23T22:41:46.274000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K52171282",
            "trust": 0.8,
            "url": "https://support.f5.com/csp/article/K52171282"
          },
          {
            "title": "F5 BIG-IP APM client svpn Fixes for component security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82125"
          },
          {
            "title": "security-research",
            "trust": 0.1,
            "url": "https://github.com/mirchr/security-research "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-5529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-732",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/104730"
          },
          {
            "trust": 2.1,
            "url": "https://support.f5.com/csp/article/k52171282"
          },
          {
            "trust": 1.9,
            "url": "https://github.com/mirchr/security-research/blob/master/vulnerabilities/f5/cve-2018-5529.txt"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5529"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5529"
          },
          {
            "trust": 0.3,
            "url": "http://www.f5.com/"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k54431371"
          },
          {
            "trust": 0.1,
            "url": "http://www.securitytracker.com/id/1041510"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/mirchr/security-research"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5529"
          },
          {
            "db": "BID",
            "id": "104730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5529"
          },
          {
            "db": "BID",
            "id": "104730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "date": "2018-07-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "date": "2018-07-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5529"
          },
          {
            "date": "2018-07-12T00:00:00",
            "db": "BID",
            "id": "104730"
          },
          {
            "date": "2018-10-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "date": "2018-07-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          },
          {
            "date": "2018-07-12T18:29:00.577000",
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135577"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135560"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5529"
          },
          {
            "date": "2018-07-12T00:00:00",
            "db": "BID",
            "id": "104730"
          },
          {
            "date": "2018-10-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          },
          {
            "date": "2024-11-21T04:09:00.290000",
            "db": "NVD",
            "id": "CVE-2018-5529"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "104730"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F5 BIG-IP APM client Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007937"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1120"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-0008

    Vulnerability from variot - Updated: 2024-08-14 15:11

    In versions from 7.1.5 up to, but not including, 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability, because the victim user needs to run the executable on the system and the attacker requires administrative privileges to modify the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. The affected system may be put into a denial-of-service (DoS) state.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0008",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.8"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.0.0"
          },
          {
            "model": "big-ip edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.0.0.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.2.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.2.3.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip edge client",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "cve": "CVE-2023-22283",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "f5sirt@f5.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.6,
                "id": "CVE-2023-22283",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-22283",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "f5sirt@f5.com",
                "id": "CVE-2023-22283",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-22283",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-22283",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-099",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. The affected system may be put into a denial-of-service (DoS) state.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "VULHUB",
            "id": "VHN-451914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22283"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-22283",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-451914",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22283",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "id": "VAR-202302-0008",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451914"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:11:03.049000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K07143733",
            "trust": 0.8,
            "url": "https://my.f5.com/manage/s/article/K07143733"
          },
          {
            "title": "F5 BIG-IP Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224517"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2023-22283 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-22283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-427",
            "trust": 1.1
          },
          {
            "problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://my.f5.com/manage/s/article/k07143733"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22283"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-22283/"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2023-22283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-451914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-451914"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-22283"
          },
          {
            "date": "2023-09-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          },
          {
            "date": "2023-02-01T18:15:10.727000",
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-451914"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-22283"
          },
          {
            "date": "2023-09-01T07:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          },
          {
            "date": "2023-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          },
          {
            "date": "2023-10-04T16:53:45.020000",
            "db": "NVD",
            "id": "CVE-2023-22283"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Uncontrolled search path element vulnerability in BIG-IP Edge Client for Windows",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003167"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-099"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202302-0082

    Vulnerability from variot - Updated: 2024-08-14 15:05

    In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. The affected system may be put into a denial-of-service (DoS) state.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0082",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.8"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "15.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.0.0"
          },
          {
            "model": "big-ip edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "17.0.0.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.5"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "14.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.2.2"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "f5",
            "version": "7.2.3.1"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "13.1.0"
          },
          {
            "model": "big-ip access policy manager",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "16.1.3"
          },
          {
            "model": "big-ip access policy manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "model": "big-ip edge client",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "cve": "CVE-2023-22358",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2023-22358",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-003166",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-22358",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "f5sirt@f5.com",
                "id": "CVE-2023-22358",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-003166",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202302-093",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. The affected system may be put into a denial-of-service (DoS) state.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "VULHUB",
            "id": "VHN-451922"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22358"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-22358",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.0639",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-451922",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22358",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451922"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "id": "VAR-202302-0082",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451922"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T15:05:54.928000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "K76964818",
            "trust": 0.8,
            "url": "https://my.f5.com/manage/s/article/K76964818"
          },
          {
            "title": "F5 BIG-IP Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=224511"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2023-22358 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-22358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-427",
            "trust": 1.1
          },
          {
            "problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://my.f5.com/manage/s/article/k76964818"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22358"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.0639"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-22358/"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2023-22358"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-451922"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-451922"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-22358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-451922"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-22358"
          },
          {
            "date": "2023-09-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          },
          {
            "date": "2023-02-01T18:15:11.247000",
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-451922"
          },
          {
            "date": "2023-02-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-22358"
          },
          {
            "date": "2023-09-01T07:52:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          },
          {
            "date": "2023-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          },
          {
            "date": "2023-11-07T04:06:51.727000",
            "db": "NVD",
            "id": "CVE-2023-22358"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability regarding uncontrolled search path elements in BIG-IP Edge Client Windows Installer",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-003166"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202302-093"
          }
        ],
        "trust": 0.6
      }
    }