
    40 vulnerabilities found for big-ip_access_policy_manager_client by f5

    CVE-2026-20730 (GCVE-0-2026-20730)

    Vulnerability from nvd – Published: 2026-02-04 15:02 – Updated: 2026-02-04 16:10
    VLAI
    Title
    BIG-IP Edge Client for Windows vulnerability
    Summary
    A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.5 , < 7.2.6.2 (custom)
    Date Public
    2026-02-04 15:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T16:09:05.798351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T16:10:57.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.6.2",
                  "status": "affected",
                  "version": "7.2.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-02-04T15:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T15:02:04.810Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000158931"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-20730",
        "datePublished": "2026-02-04T15:02:04.810Z",
        "dateReserved": "2026-01-21T21:33:16.349Z",
        "dateUpdated": "2026-02-04T16:10:57.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48500 (GCVE-0-2025-48500)

    Vulnerability from nvd – Published: 2025-08-13 14:46 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BIG-IP APM VPN web client for macOS vulnerability
    Summary
    A missing file integrity check vulnerability exists in the macOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.4 , < 7.2.5.3 (custom)
    F5 BIG-IP Affected: 17.5.0 , < * (custom; "< *" denotes an open-ended range, i.e. no upper bound is recorded)
    Affected: 17.1.0 , < * (custom)
    Affected: 16.1.0 , < * (custom)
    Affected: 15.1.0 , < * (custom)
    Date Public
    2025-08-13 14:00
    Credits
    F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48500",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T03:56:00.540232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:40.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "BIG-IP Edge Client for MacOS"
              ],
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.5.3",
                  "status": "affected",
                  "version": "7.2.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2025-08-13T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e"
                }
              ],
              "value": "A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u00a0\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353: Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-13T14:46:54.682Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000151782"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM VPN web client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2025-48500",
        "datePublished": "2025-08-13T14:46:54.682Z",
        "dateReserved": "2025-07-29T17:12:25.024Z",
        "dateUpdated": "2026-02-26T17:48:40.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28883 (GCVE-0-2024-28883)

    Vulnerability from nvd – Published: 2024-05-08 15:01 – Updated: 2024-08-02 01:03
    VLAI
    Title
    BIG-IP APM browser network access VPN client vulnerability
    Summary
    An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.4 (custom)
    F5 BIG-IP Affected: 17.1.0 , < 17.1.1 (custom)
    Affected: 16.1.0 , < 16.1.4.2 (custom)
    Affected: 15.1.0 , < 15.1.10.3 (custom)
    f5 big-ip Affected: 17.1.0
    Affected: 16.1.0 , ≤ 16.1.4 (custom)
    Affected: 15.1.0 , ≤ 15.1.10 (custom)
        cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
    f5 apm_clients Affected: 7.2.3 , ≤ 7.2.4 (custom)
        cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*
    Date Public
    2024-05-08 14:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip",
                "vendor": "f5",
                "versions": [
                  {
                    "status": "affected",
                    "version": "17.1.0"
                  },
                  {
                    "lessThanOrEqual": "16.1.4",
                    "status": "affected",
                    "version": "16.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "15.1.10",
                    "status": "affected",
                    "version": "15.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apm_clients",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T19:53:38.815787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T20:11:20.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "ADP Container"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:50.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000138744"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "Linux",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "17.1.1",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.4.2",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.10.3",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2024-05-08T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An origin validation vulnerability exists in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM browser network access VPN client \u003c/span\u003e\n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "An origin validation vulnerability exists in \n\nBIG-IP APM browser network access VPN client \n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-08T15:01:24.931Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000138744"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP APM browser network access VPN client vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2024-28883",
        "datePublished": "2024-05-08T15:01:24.931Z",
        "dateReserved": "2024-04-24T21:34:20.645Z",
        "dateUpdated": "2024-08-02T01:03:50.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43125 (GCVE-0-2023-43125)

    Vulnerability from nvd – Published: 2023-09-27 15:22 – Updated: 2024-09-24 13:13
    VLAI
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < * (semver; "< *" denotes an open-ended range, i.e. no upper bound is recorded)
    F5 F5 Access Affected: 3.0 , < * (semver)
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136909"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T13:13:02.532926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T13:13:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "iOS",
                "Android"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:22:07.212Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136909"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43125",
        "datePublished": "2023-09-27T15:22:07.212Z",
        "dateReserved": "2023-09-18T15:33:53.948Z",
        "dateUpdated": "2024-09-24T13:13:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43124 (GCVE-0-2023-43124)

    Vulnerability from nvd – Published: 2023-09-27 15:21 – Updated: 2024-09-23 15:06
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
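    F5 BIG-IP Edge Client Affected: 7.2.3 , < * (semver) (that is, 7.2.3 and every later version: the record sets no upper bound, so it names no fixed release, and versions before 7.2.3 have the default status "unknown")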
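    F5 F5 Access Affected: 3.0 , < * (semver) (that is, 3.0 and every later version: the record sets no upper bound, so it names no fixed release, and versions before 3.0 have the default status "unknown")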
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136907"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:38:51.284696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T15:06:23.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android",
                "iOS"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:21:50.794Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136907"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43124",
        "datePublished": "2023-09-27T15:21:50.794Z",
        "dateReserved": "2023-09-18T15:33:53.947Z",
        "dateUpdated": "2024-09-23T15:06:23.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28714 (GCVE-0-2022-28714)

    Vulnerability from nvd – Published: 2022-05-05 16:40 – Updated: 2024-09-16 17:18
    Summary
    On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP APM Affected: 12.1.x
    Affected: 11.6.x
    Unaffected: 17.0.0 , < 17.0.x* (custom)
    Affected: 16.1.x , < 16.1.2.2 (custom)
    Affected: 15.1.x , < 15.1.5.1 (custom)
    Affected: 14.1.x , < 14.1.4.6 (custom)
    Affected: 13.1.x , < 13.1.5 (custom)
    F5 BIG-IP APM Clients Affected: 7.x , < 7.2.1.5 (custom)
    Date Public
    2022-05-04 00:00
    Credits
    F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K54460845"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.x"
                },
                {
                  "status": "affected",
                  "version": "11.6.x"
                },
                {
                  "lessThan": "17.0.x*",
                  "status": "unaffected",
                  "version": "17.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.2.2",
                  "status": "affected",
                  "version": "16.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.5.1",
                  "status": "affected",
                  "version": "15.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.1.4.6",
                  "status": "affected",
                  "version": "14.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "13.1.5",
                  "status": "affected",
                  "version": "13.1.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIG-IP APM Clients",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.1.5",
                  "status": "affected",
                  "version": "7.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2022-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-05T16:40:53.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K54460845"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2022-05-04T14:00:00.000Z",
              "ID": "CVE-2022-28714",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_name": "17.0.x",
                                "version_value": "17.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "16.1.x",
                                "version_value": "16.1.2.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "15.1.x",
                                "version_value": "15.1.5.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "14.1.x",
                                "version_value": "14.1.4.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "13.1.x",
                                "version_value": "13.1.5"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "12.1.x",
                                "version_value": "12.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "11.6.x",
                                "version_value": "11.6.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IP APM Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.x",
                                "version_value": "7.2.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427 Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K54460845",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K54460845"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2022-28714",
        "datePublished": "2022-05-05T16:40:53.297Z",
        "dateReserved": "2022-04-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:27.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27636 (GCVE-0-2022-27636)

    Vulnerability from nvd – Published: 2022-05-05 16:13 – Updated: 2024-09-17 01:56
    Summary
    On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP APM Affected: 12.1.x
    Affected: 11.6.x
    Unaffected: 17.0.0 , < 17.0.x* (custom)
    Affected: 16.1.x , < 16.1.2.2 (custom)
    Affected: 15.1.x , < 15.1.5.1 (custom)
    Affected: 14.1.x , < 14.1.4.6 (custom)
    Affected: 13.1.x , < 13.1.5 (custom)
    F5 BIG-IP APM Clients Affected: 7.x , < 7.2.1.5 (custom)
    Date Public
    2022-05-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K57110035"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.x"
                },
                {
                  "status": "affected",
                  "version": "11.6.x"
                },
                {
                  "lessThan": "17.0.x*",
                  "status": "unaffected",
                  "version": "17.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.2.2",
                  "status": "affected",
                  "version": "16.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.5.1",
                  "status": "affected",
                  "version": "15.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.1.4.6",
                  "status": "affected",
                  "version": "14.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "13.1.5",
                  "status": "affected",
                  "version": "13.1.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIG-IP APM Clients",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.1.5",
                  "status": "affected",
                  "version": "7.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-05T16:13:46.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K57110035"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2022-05-04T14:00:00.000Z",
              "ID": "CVE-2022-27636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_name": "17.0.x",
                                "version_value": "17.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "16.1.x",
                                "version_value": "16.1.2.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "15.1.x",
                                "version_value": "15.1.5.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "14.1.x",
                                "version_value": "14.1.4.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "13.1.x",
                                "version_value": "13.1.5"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "12.1.x",
                                "version_value": "12.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "11.6.x",
                                "version_value": "11.6.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IP APM Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.x",
                                "version_value": "7.2.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532 Insertion of Sensitive Information into Log File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K57110035",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K57110035"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2022-27636",
        "datePublished": "2022-05-05T16:13:46.323Z",
        "dateReserved": "2022-04-19T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:56.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23032 (GCVE-0-2022-23032)

    Vulnerability from nvd – Published: 2022-01-25 19:11 – Updated: 2024-08-03 03:28
    Summary
    In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Severity
    No CVSS data available.
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a BIG-IP Edge Client for Mac and Windows Affected: All versions before 7.2.1.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:43.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K30525503"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP Edge Client for Mac and Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 7.2.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346: Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-25T19:11:34.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K30525503"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2022-23032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP Edge Client for Mac and Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 7.2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-346: Origin Validation Error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K30525503",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K30525503"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2022-23032",
        "datePublished": "2022-01-25T19:11:34.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:43.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23022 (GCVE-0-2021-23022)

    Vulnerability from nvd – Published: 2021-06-10 15:06 – Updated: 2024-08-03 18:58
    Summary
    On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Severity
    No CVSS data available.
    CWE
    • privilege escalation (free-text problem type; the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a Edge Client for Windows Affected: 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:58:26.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K08503505"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Edge Client for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service\u0027s temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-10T15:06:40.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K08503505"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2021-23022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Edge Client for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service\u0027s temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K08503505",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K08503505"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2021-23022",
        "datePublished": "2021-06-10T15:06:40.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:58:26.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5898 (GCVE-0-2020-5898)

    Vulnerability from nvd – Published: 2020-05-12 15:27 – Updated: 2024-08-04 08:47
    Summary
    In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.
    Severity
    No CVSS data available.
    CWE
    • DOS (denial of service; free-text problem type, the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a F5 Edge Client Affected: 7.1.5-7.1.9

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K69154630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F5 Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\\\.\\urvpndrv device causing the Windows kernel to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DOS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-12T15:27:44.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K69154630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F5 Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\\\.\\urvpndrv device causing the Windows kernel to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DOS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K69154630",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K69154630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5898",
        "datePublished": "2020-05-12T15:27:44.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5897 (GCVE-0-2020-5897)

    Vulnerability from nvd – Published: 2020-05-12 15:20 – Updated: 2024-08-04 08:47
    Summary
    In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
    Severity
    No CVSS data available.
    CWE
    • RCE (remote code execution; free-text problem type, the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a F5 Edge Client Affected: 7.1.5-7.1.9

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20346072"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F5 Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-12T15:20:53.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K20346072"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F5 Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "RCE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K20346072",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K20346072"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5897",
        "datePublished": "2020-05-12T15:20:53.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5896 (GCVE-0-2020-5896)

    Vulnerability from nvd – Published: 2020-05-12 15:24 – Updated: 2024-08-04 08:47
    Summary
    On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation (free-text problem type; the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a F5 Edge Client Affected: 7.1.5-7.1.9

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K15478554"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F5 Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On versions 7.1.5-7.1.9, the BIG-IP Edge Client\u0027s Windows Installer Service\u0027s temporary folder has weak file and folder permissions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-12T15:24:59.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K15478554"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F5 Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On versions 7.1.5-7.1.9, the BIG-IP Edge Client\u0027s Windows Installer Service\u0027s temporary folder has weak file and folder permissions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K15478554",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K15478554"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5896",
        "datePublished": "2020-05-12T15:24:59.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5892 (GCVE-0-2020-5892)

    Vulnerability from nvd – Published: 2020-04-30 21:03 – Updated: 2024-08-04 08:47
    Summary
    In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure (free-text problem type; the record assigns no CWE ID)
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K15838353 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a BIG-IP Edge Client Affected: 7.1.5-7.1.8

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K15838353"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-30T21:03:08.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K15838353"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K15838353",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K15838353"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5892",
        "datePublished": "2020-04-30T21:03:08.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5893 (GCVE-0-2020-5893)

    Vulnerability from nvd – Published: 2020-04-30 21:00 – Updated: 2024-08-04 08:47
    Summary
    In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
    Severity
    No CVSS data available.
    CWE
    • Brute Force (free-text problem type; the record assigns no CWE ID)
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K97733133 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a BIG-IP Edge Client Affected: 7.1.5-7.1.8

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K97733133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Brute Force",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-30T21:00:49.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K97733133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5893",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Brute Force"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K97733133",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K97733133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5893",
        "datePublished": "2020-04-30T21:00:49.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5855 (GCVE-0-2020-5855)

    Vulnerability from nvd – Published: 2020-02-06 15:37 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    In all versions of BIG-IP Edge Client for Windows, when the Windows Logon Integration feature is configured, unauthorized users who have physical access to an authorized user's machine can get shell access as an unprivileged user.
    Severity
    No CVSS data available.
    CWE
    • Unauthorized Access
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K55102004 x_refsource_CONFIRM
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K55102004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Edge Client for Windows",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user\u0027s machine can get shell access under unprivileged user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unauthorized Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-06T15:37:27.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K55102004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Edge Client for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user\u0027s machine can get shell access under unprivileged user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unauthorized Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K55102004",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K55102004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5855",
        "datePublished": "2020-02-06T15:37:27.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20730 (GCVE-0-2026-20730)

    Vulnerability from cvelistv5 – Published: 2026-02-04 15:02 – Updated: 2026-02-04 16:10
    VLAI
    Title
    BIG-IP Edge Client for Windows vulnerability
    Summary
    A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.5 , < 7.2.6.2 (custom)
    Date Public
    2026-02-04 15:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-04T16:09:05.798351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-04T16:10:57.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.6.2",
                  "status": "affected",
                  "version": "7.2.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-02-04T15:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 2,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T15:02:04.810Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000158931"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP Edge Client for Windows vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-20730",
        "datePublished": "2026-02-04T15:02:04.810Z",
        "dateReserved": "2026-01-21T21:33:16.349Z",
        "dateUpdated": "2026-02-04T16:10:57.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-48500 (GCVE-0-2025-48500)

    Vulnerability from cvelistv5 – Published: 2025-08-13 14:46 – Updated: 2026-02-26 17:48
    VLAI
    Title
    BIG-IP APM VPN web client for macOS vulnerability
    Summary
    A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-353 - Missing Support for Integrity Check
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.4 , < 7.2.5.3 (custom)
    F5 BIG-IP Affected: 17.5.0 , < * (custom)
    Affected: 17.1.0 , < * (custom)
    Affected: 16.1.0 , < * (custom)
    Affected: 15.1.0 , < * (custom)
    Date Public
    2025-08-13 14:00
    Credits
    F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48500",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T03:56:00.540232Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:48:40.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "BIG-IP Edge Client for MacOS"
              ],
              "platforms": [
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.5.3",
                  "status": "affected",
                  "version": "7.2.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2025-08-13T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e"
                }
              ],
              "value": "A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.\u00a0\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-353",
                  "description": "CWE-353: Missing Support for Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-13T14:46:54.682Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000151782"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM VPN web client for macOS vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2025-48500",
        "datePublished": "2025-08-13T14:46:54.682Z",
        "dateReserved": "2025-07-29T17:12:25.024Z",
        "dateUpdated": "2026-02-26T17:48:40.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-28883 (GCVE-0-2024-28883)

    Vulnerability from cvelistv5 – Published: 2024-05-08 15:01 – Updated: 2024-08-02 01:03
    VLAI
    Title
    BIG-IP APM browser network access VPN client vulnerability
    Summary
    An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 , < 7.2.4.4 (custom)
    F5 BIG-IP Affected: 17.1.0 , < 17.1.1 (custom)
    Affected: 16.1.0 , < 16.1.4.2 (custom)
    Affected: 15.1.0 , < 15.1.10.3 (custom)
    f5 big-ip Affected: 17.1.0
    Affected: 16.1.0 , ≤ 16.1.4 (custom)
    Affected: 15.1.0 , ≤ 15.1.10 (custom)
        cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*
    f5 apm_clients Affected: 7.2.3 , ≤ 7.2.4 (custom)
        cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*
    Date Public
    2024-05-08 14:00
    Credits
    F5

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:f5:big-ip:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "big-ip",
                "vendor": "f5",
                "versions": [
                  {
                    "status": "affected",
                    "version": "17.1.0"
                  },
                  {
                    "lessThanOrEqual": "16.1.4",
                    "status": "affected",
                    "version": "16.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "15.1.10",
                    "status": "affected",
                    "version": "15.1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:f5:apm_clients:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apm_clients",
                "vendor": "f5",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.4",
                    "status": "affected",
                    "version": "7.2.3",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T19:53:38.815787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T20:11:20.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "ADP Container"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:03:50.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000138744"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "Linux",
                "MacOS"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.4.4",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "APM"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "17.1.1",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.4.2",
                  "status": "affected",
                  "version": "16.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.10.3",
                  "status": "affected",
                  "version": "15.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2024-05-08T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An origin validation vulnerability exists in \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM browser network access VPN client \u003c/span\u003e\n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "An origin validation vulnerability exists in \n\nBIG-IP APM browser network access VPN client \n\n\n\n for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-08T15:01:24.931Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000138744"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "BIG-IP APM browser network access VPN client vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2024-28883",
        "datePublished": "2024-05-08T15:01:24.931Z",
        "dateReserved": "2024-04-24T21:34:20.645Z",
        "dateUpdated": "2024-08-02T01:03:50.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43125 (GCVE-0-2023-43125)

    Vulnerability from cvelistv5 – Published: 2023-09-27 15:22 – Updated: 2024-09-24 13:13
    VLAI
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 and all later versions (range 7.2.3 , < * — the record sets no upper bound and lists no fixed version) (semver)
    F5 F5 Access Affected: 3.0 and all later versions (range 3.0 , < * — the record sets no upper bound and lists no fixed version) (semver)
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136909"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T13:13:02.532926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T13:13:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "iOS",
                "Android"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:22:07.212Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136909"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43125",
        "datePublished": "2023-09-27T15:22:07.212Z",
        "dateReserved": "2023-09-18T15:33:53.948Z",
        "dateUpdated": "2024-09-24T13:13:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43124 (GCVE-0-2023-43124)

    Vulnerability from cvelistv5 – Published: 2023-09-27 15:21 – Updated: 2024-09-23 15:06
    VLAI
    Title
    BIG-IP APM Clients TunnelCrack vulnerability
    Summary
    BIG-IP APM clients may send IP traffic outside of the VPN tunnel.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP Edge Client Affected: 7.2.3 and all later versions (range 7.2.3 , < * — the record sets no upper bound and lists no fixed version) (semver)
    F5 F5 Access Affected: 3.0 and all later versions (range 3.0 , < * — the record sets no upper bound and lists no fixed version) (semver)
    Date Public
    2023-09-27 14:00
    Credits
    Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:23.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000136907"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T14:38:51.284696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T15:06:23.816Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux"
              ],
              "product": "BIG-IP Edge Client",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "7.2.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "platforms": [
                "Android",
                "iOS"
              ],
              "product": "F5 Access",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf"
            }
          ],
          "datePublic": "2023-09-27T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ],
              "value": "\nBIG-IP APM clients may send IP traffic outside of the VPN tunnel.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-27T15:21:50.794Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000136907"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP APM Clients TunnelCrack vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2023-43124",
        "datePublished": "2023-09-27T15:21:50.794Z",
        "dateReserved": "2023-09-18T15:33:53.947Z",
        "dateUpdated": "2024-09-23T15:06:23.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28714 (GCVE-0-2022-28714)

    Vulnerability from cvelistv5 – Published: 2022-05-05 16:40 – Updated: 2024-09-16 17:18
    VLAI
    Summary
    On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP APM Affected: 12.1.x
    Affected: 11.6.x
    Unaffected: 17.0.0 , < 17.0.x* (custom)
    Affected: 16.1.x , < 16.1.2.2 (custom)
    Affected: 15.1.x , < 15.1.5.1 (custom)
    Affected: 14.1.x , < 14.1.4.6 (custom)
    Affected: 13.1.x , < 13.1.5 (custom)
    F5 BIG-IP APM Clients Affected: 7.x , < 7.2.1.5 (custom)
    Date Public
    2022-05-04 00:00
    Credits
    F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K54460845"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.x"
                },
                {
                  "status": "affected",
                  "version": "11.6.x"
                },
                {
                  "lessThan": "17.0.x*",
                  "status": "unaffected",
                  "version": "17.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.2.2",
                  "status": "affected",
                  "version": "16.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.5.1",
                  "status": "affected",
                  "version": "15.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.1.4.6",
                  "status": "affected",
                  "version": "14.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "13.1.5",
                  "status": "affected",
                  "version": "13.1.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIG-IP APM Clients",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.1.5",
                  "status": "affected",
                  "version": "7.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2022-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-05T16:40:53.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K54460845"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2022-05-04T14:00:00.000Z",
              "ID": "CVE-2022-28714",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_name": "17.0.x",
                                "version_value": "17.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "16.1.x",
                                "version_value": "16.1.2.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "15.1.x",
                                "version_value": "15.1.5.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "14.1.x",
                                "version_value": "14.1.4.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "13.1.x",
                                "version_value": "13.1.5"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "12.1.x",
                                "version_value": "12.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "11.6.x",
                                "version_value": "11.6.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IP APM Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.x",
                                "version_value": "7.2.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427 Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K54460845",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K54460845"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2022-28714",
        "datePublished": "2022-05-05T16:40:53.297Z",
        "dateReserved": "2022-04-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:27.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27636 (GCVE-0-2022-27636)

    Vulnerability from cvelistv5 – Published: 2022-05-05 16:13 – Updated: 2024-09-17 01:56
    VLAI
    Summary
    On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 BIG-IP APM Affected: 12.1.x
    Affected: 11.6.x
    Unaffected: 17.0.0 , < 17.0.x* (custom)
    Affected: 16.1.x , < 16.1.2.2 (custom)
    Affected: 15.1.x , < 15.1.5.1 (custom)
    Affected: 14.1.x , < 14.1.4.6 (custom)
    Affected: 13.1.x , < 13.1.5 (custom)
    F5 BIG-IP APM Clients Affected: 7.x , < 7.2.1.5 (custom)
    Date Public
    2022-05-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K57110035"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP APM",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1.x"
                },
                {
                  "status": "affected",
                  "version": "11.6.x"
                },
                {
                  "lessThan": "17.0.x*",
                  "status": "unaffected",
                  "version": "17.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "16.1.2.2",
                  "status": "affected",
                  "version": "16.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "15.1.5.1",
                  "status": "affected",
                  "version": "15.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "14.1.4.6",
                  "status": "affected",
                  "version": "14.1.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "13.1.5",
                  "status": "affected",
                  "version": "13.1.x",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIG-IP APM Clients",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "7.2.1.5",
                  "status": "affected",
                  "version": "7.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-05T16:13:46.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K57110035"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "DATE_PUBLIC": "2022-05-04T14:00:00.000Z",
              "ID": "CVE-2022-27636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP APM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_name": "17.0.x",
                                "version_value": "17.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "16.1.x",
                                "version_value": "16.1.2.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "15.1.x",
                                "version_value": "15.1.5.1"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "14.1.x",
                                "version_value": "14.1.4.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "13.1.x",
                                "version_value": "13.1.5"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "12.1.x",
                                "version_value": "12.1.x"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "11.6.x",
                                "version_value": "11.6.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIG-IP APM Clients",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.x",
                                "version_value": "7.2.1.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532 Insertion of Sensitive Information into Log File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K57110035",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K57110035"
                }
              ]
            },
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2022-27636",
        "datePublished": "2022-05-05T16:13:46.323Z",
        "dateReserved": "2022-04-19T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:56.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23032 (GCVE-0-2022-23032)

    Vulnerability from cvelistv5 – Published: 2022-01-25 19:11 – Updated: 2024-08-03 03:28
    Summary
    In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Severity
    No CVSS data available.
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a BIG-IP Edge Client for Mac and Windows Affected: All versions before 7.2.1.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:43.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K30525503"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP Edge Client for Mac and Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions before 7.2.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346: Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-25T19:11:34.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K30525503"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2022-23032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP Edge Client for Mac and Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions before 7.2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-346: Origin Validation Error"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K30525503",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K30525503"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2022-23032",
        "datePublished": "2022-01-25T19:11:34.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:28:43.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23022 (GCVE-0-2021-23022)

    Vulnerability from cvelistv5 – Published: 2021-06-10 15:06 – Updated: 2024-08-03 18:58
    Summary
    On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Severity
    No CVSS data available.
    CWE
    • privilege escalation (free-text problem type; the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a Edge Client for Windows Affected: 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:58:26.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K08503505"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Edge Client for Windows",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service\u0027s temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-10T15:06:40.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K08503505"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2021-23022",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Edge Client for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service\u0027s temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K08503505",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K08503505"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2021-23022",
        "datePublished": "2021-06-10T15:06:40.000Z",
        "dateReserved": "2021-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:58:26.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5898 (GCVE-0-2020-5898)

    Vulnerability from cvelistv5 – Published: 2020-05-12 15:27 – Updated: 2024-08-04 08:47
    Summary
    In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash.
    Severity
    No CVSS data available.
    CWE
    • DOS (denial of service; free-text problem type, the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a F5 Edge Client Affected: 7.1.5-7.1.9

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K69154630"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F5 Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\\\.\\urvpndrv device causing the Windows kernel to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DOS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-12T15:27:44.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K69154630"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F5 Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\\\.\\urvpndrv device causing the Windows kernel to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "DOS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K69154630",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K69154630"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5898",
        "datePublished": "2020-05-12T15:27:44.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5896 (GCVE-0-2020-5896)

    Vulnerability from cvelistv5 – Published: 2020-05-12 15:24 – Updated: 2024-08-04 08:47
    Summary
    On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.
    Severity
    No CVSS data available.
    CWE
    • Privilege Escalation (free-text problem type; the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a F5 Edge Client Affected: 7.1.5-7.1.9

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:41.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K15478554"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F5 Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "On versions 7.1.5-7.1.9, the BIG-IP Edge Client\u0027s Windows Installer Service\u0027s temporary folder has weak file and folder permissions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-12T15:24:59.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K15478554"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F5 Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "On versions 7.1.5-7.1.9, the BIG-IP Edge Client\u0027s Windows Installer Service\u0027s temporary folder has weak file and folder permissions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K15478554",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K15478554"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5896",
        "datePublished": "2020-05-12T15:24:59.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:41.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5897 (GCVE-0-2020-5897)

    Vulnerability from cvelistv5 – Published: 2020-05-12 15:20 – Updated: 2024-08-04 08:47
    Summary
    In versions 7.1.5-7.1.9, there is a use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.
    Severity
    No CVSS data available.
    CWE
    • RCE (remote code execution; free-text problem type, the record assigns no CWE ID)
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    n/a F5 Edge Client Affected: 7.1.5-7.1.9

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K20346072"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F5 Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-12T15:20:53.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.f5.com/csp/article/K20346072"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F5 Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "RCE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K20346072",
                  "refsource": "MISC",
                  "url": "https://support.f5.com/csp/article/K20346072"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5897",
        "datePublished": "2020-05-12T15:20:53.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5892 (GCVE-0-2020-5892)

    Vulnerability from cvelistv5 – Published: 2020-04-30 21:03 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure (free-text problem type from the CNA; the record assigns no CWE ID)
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K15838353 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a BIG-IP Edge Client Affected: 7.1.5-7.1.8

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K15838353"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-30T21:03:08.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K15838353"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K15838353",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K15838353"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5892",
        "datePublished": "2020-04-30T21:03:08.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5893 (GCVE-0-2020-5893)

    Vulnerability from cvelistv5 – Published: 2020-04-30 21:00 – Updated: 2024-08-04 08:47
    VLAI
    Summary
    In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.
    Severity
    No CVSS data available.
    CWE
    • Brute Force (free-text problem type from the CNA; the record assigns no CWE ID)
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K97733133 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    n/a BIG-IP Edge Client Affected: 7.1.5-7.1.8

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:47:40.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K97733133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BIG-IP Edge Client",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1.5-7.1.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Brute Force",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-30T21:00:49.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K97733133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5893",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BIG-IP Edge Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1.5-7.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Brute Force"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K97733133",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K97733133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5893",
        "datePublished": "2020-04-30T21:00:49.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:47:40.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5855 (GCVE-0-2020-5855)

    Vulnerability from cvelistv5 – Published: 2020-02-06 15:37 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.
    Severity
    No CVSS data available.
    CWE
    • Unauthorized Access (free-text problem type from the CNA; the record assigns no CWE ID)
    Assigner
    f5
    References
    URL Tags
    https://support.f5.com/csp/article/K55102004 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    F5 Edge Client for Windows Affected: All

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K55102004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Edge Client for Windows",
              "vendor": "F5",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user\u0027s machine can get shell access under unprivileged user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unauthorized Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-06T15:37:27.000Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K55102004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "f5sirt@f5.com",
              "ID": "CVE-2020-5855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Edge Client for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "F5"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user\u0027s machine can get shell access under unprivileged user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unauthorized Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.f5.com/csp/article/K55102004",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K55102004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2020-5855",
        "datePublished": "2020-02-06T15:37:27.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }