Lucene search

[email protected]NVD:CVE-2023-38418

HistoryAug 02, 2023 - 4:15 p.m.

CVE-2023-38418

2023-08-0216:15:10

CWE-347

[email protected]

web.nvd.nist.gov

cve-2023-38418

macos

privilege elevation

installation process

best practices

technical support

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

NVD

Node

f5access_policy_manager_clientsRange7.2.3–7.2.4.3

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5

f5big-ip_access_policy_managerRange15.1.0–15.1.9

f5big-ip_access_policy_managerRange16.1.0–16.1.3

f5big-ip_access_policy_managerRange17.0.0–17.1.0

References

my.f5.com/manage/s/article/K000134746

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2023-38418

f53 cve2 cnvd1 nessus1 cvelist2 prion2 nvd1