CVE-2023-38418

CWE-347 | 5 documents | 4 sources
Severity: 7.8 HIGH
EPSS: 0.1% (top 82.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 2
Latest update: Oct 10

Description

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | f5/big-ip_edge_client | 7.2.3 | 7.2.4.4 | +1
NVD | f5/access_policy_manager_clients | 7.2.3 | 7.2.4.3
NVD | f5/big-ip_access_policy_manager | 13.1.0 | 13.1.5 | +4

🔴 Vulnerability Details (2)

CVEList: BIG-IP Edge Client for macOS vulnerability (2023-08-02)
GHSA: GHSA-grr5-2xqc-rxr6: The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process (2023-08-02)

📋 Vendor Advisories (2)

F5: CVE-2023-43611: The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installa... (2023-10-10)
F5: CVE-2023-38418: The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installa... (2023-08-02)
CVE-2023-38418 (HIGH CVSS 7.8) | The BIG-IP Edge Client Installer on | cvebase.io