Lucene search

K

BIG-IP Edge Client Security Vulnerabilities

cve
cve

CVE-2024-28883

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.4CVSS

7.2AI Score

0.0004EPSS

2024-05-08 03:15 PM
36
cve
cve

CVE-2023-5450

An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.5AI Score

0.001EPSS

2023-10-10 01:15 PM
42
cve
cve

CVE-2023-43611

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-10-10 01:15 PM
40
cve
cve

CVE-2023-43125

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not...

8.2CVSS

8.2AI Score

0.001EPSS

2023-09-27 04:21 PM
41
cve
cve

CVE-2023-43124

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.1CVSS

6.9AI Score

0.001EPSS

2023-09-27 04:21 PM
36
cve
cve

CVE-2023-38418

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.4AI Score

0.0004EPSS

2023-08-02 04:15 PM
46
cve
cve

CVE-2023-36858

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.1CVSS

5.5AI Score

0.0004EPSS

2023-08-02 04:15 PM
28
cve
cve

CVE-2023-24461

An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.4CVSS

5.7AI Score

0.001EPSS

2023-05-03 03:15 PM
19
cve
cve

CVE-2023-22372

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not...

5.9CVSS

6AI Score

0.001EPSS

2023-05-03 03:15 PM
21
cve
cve

CVE-2023-22358

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-02-01 06:15 PM
22
cve
cve

CVE-2023-22283

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker....

6.5CVSS

6.5AI Score

0.0004EPSS

2023-02-01 06:15 PM
19
cve
cve

CVE-2022-28714

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in.....

7.8CVSS

7.6AI Score

0.001EPSS

2022-05-05 05:15 PM
96
cve
cve

CVE-2022-29263

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-05-05 05:15 PM
62
cve
cve

CVE-2022-27636

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM....

5.5CVSS

5.6AI Score

0.0004EPSS

2022-05-05 05:15 PM
84
2
cve
cve

CVE-2022-23032

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not...

5.3CVSS

5.6AI Score

0.001EPSS

2022-01-25 08:15 PM
90
cve
cve

CVE-2021-23022

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.6AI Score

0.0004EPSS

2021-06-10 04:15 PM
44
2
cve
cve

CVE-2021-23023

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.8CVSS

7.5AI Score

0.001EPSS

2021-06-10 03:15 PM
32
cve
cve

CVE-2021-23002

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the....

4.5CVSS

5.3AI Score

0.0004EPSS

2021-03-31 06:15 PM
27
cve
cve

CVE-2021-22980

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User.....

7.8CVSS

7.4AI Score

0.001EPSS

2021-02-12 06:15 PM
58
cve
cve

CVE-2020-5908

In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log...

5.5CVSS

5.7AI Score

0.0004EPSS

2020-07-01 03:15 PM
22
cve
cve

CVE-2020-5898

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to .\urvpndrv device causing the Windows kernel to...

5.5CVSS

5.5AI Score

0.0004EPSS

2020-05-12 04:15 PM
28
cve
cve

CVE-2020-5896

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder...

7.8CVSS

7.6AI Score

0.0004EPSS

2020-05-12 04:15 PM
27
cve
cve

CVE-2020-5897

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX...

8.8CVSS

8.6AI Score

0.002EPSS

2020-05-12 04:15 PM
27
cve
cve

CVE-2020-5892

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process...

6.7CVSS

6.4AI Score

0.0004EPSS

2020-04-30 10:15 PM
50
cve
cve

CVE-2020-5893

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal...

3.7CVSS

4.4AI Score

0.001EPSS

2020-04-30 09:15 PM
23
2
cve
cve

CVE-2020-5855

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged...

4.3CVSS

4.6AI Score

0.001EPSS

2020-02-06 04:15 PM
34
cve
cve

CVE-2019-6668

The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by...

5.5CVSS

5.3AI Score

0.0004EPSS

2019-11-27 10:15 PM
20
cve
cve

CVE-2019-6656

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM...

7.5CVSS

7.5AI Score

0.002EPSS

2019-09-25 08:15 PM
22
cve
cve

CVE-2018-15332

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race...

7CVSS

6.5AI Score

0.0004EPSS

2018-12-06 02:00 PM
30
cve
cve

CVE-2018-15316

In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint...

5.5CVSS

5.4AI Score

0.001EPSS

2018-10-19 01:29 PM
55
cve
cve

CVE-2018-5529

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information,...

7.8CVSS

7.5AI Score

0.001EPSS

2018-07-12 06:29 PM
23
cve
cve

CVE-2016-7469

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...

5.4CVSS

5.1AI Score

0.001EPSS

2017-06-09 03:29 PM
32
cve
cve

CVE-2013-6024

The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory via unspecified...

6AI Score

0.001EPSS

2014-02-10 06:15 PM
25