Design/Logic Flaw

2018-08-1712:29:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.

CPENameOperatorVersion
big-ip_access_policy_managerge12.1.0
big-ip_access_policy_managerle12.1.3
big-ip_access_policy_manager_clientge7.1.5
big-ip_access_policy_manager_clientle7.1.7

Name	Operator	Version
big-ip_access_policy_manager	ge	12.1.0
big-ip_access_policy_manager	le	12.1.3
big-ip_access_policy_manager_client	ge	7.1.5
big-ip_access_policy_manager_client	le	7.1.7