CVE-2018-5546
published 2018-08-17CVE-2018-5546: The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | 12.1.0 – 12.1.3 | — |
| f5 | big-ip_access_policy_manager_client | — | — |
| f5 | big-ip_access_policy_manager_client | 7.1.5 – 7.1.7 | — |
| f5 | big-ip_apm | — | — |
| f5_networks_inc | big-ip_apm_client_for_linux | — | — |
| f5_networks_inc | big-ip_apm_client_for_macos | — | — |