Vulnerability Description
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Access Policy Manager | >= 7.1.5, <= 7.1.6.1 |
| F5 | BIG-IP Edge | >= 7101, <= 7150 |
| Apple | Mac OS X | - |
| Linux | Linux Kernel | - |
References
- http://www.securityfocus.com/bid/104730 (Third Party Advisory, VDB Entry)
- https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2
- https://support.f5.com/csp/article/K52171282 (Vendor Advisory)
FAQ
What is CVE-2018-5529?
CVE-2018-5529 is a vulnerability with a CVSS score of 7.8 (HIGH). The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the loca...
How severe is CVE-2018-5529?
CVE-2018-5529 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-5529?
Check the references section above for vendor advisories and patch information. Affected products include: F5 BIG-IP Access Policy Manager, F5 BIG-IP Edge, Apple Mac OS X, Linux Linux Kernel.