CVE-2018-5529
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.
El componente svpn del cliente F5 BIG-IP APM en versiones anteriores a la 7.1.7 para Linux y Mac OS X se ejecuta como proceso privilegiado y puede permitir que un usuario sin privilegios asuma privilegios de superusuario en el host del cliente local. Un usuario local malicioso no privilegiado podrÃa obtener conocimientos de información sensible, manipular ciertos datos o interrumpir el servicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-12 CVE Reserved
- 2018-07-12 CVE Published
- 2023-07-06 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104730 | Third Party Advisory | |
| https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2018-5529.txt | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.f5.com/csp/article/K52171282 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 7.1.5 <= 7.1.6.1 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 7.1.5 <= 7.1.6.1" | clients |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 7.1.5 <= 7.1.6.1 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 7.1.5 <= 7.1.6.1" | clients |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 11.5.1 <= 11.5.6 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 11.5.1 <= 11.5.6" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 11.5.1 <= 11.5.6 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 11.5.1 <= 11.5.6" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 12.1.0 <= 12.1.3 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 12.1.0 <= 12.1.3" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 12.1.0 <= 12.1.3 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 12.1.0 <= 12.1.3" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 13.0.0 <= 13.1.0 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 13.0.0 <= 13.1.0" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Access Policy Manager Search vendor "F5" for product "Big-ip Access Policy Manager" | >= 13.0.0 <= 13.1.0 Search vendor "F5" for product "Big-ip Access Policy Manager" and version " >= 13.0.0 <= 13.1.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Edge Search vendor "F5" for product "Big-ip Edge" | >= 7101 <= 7150 Search vendor "F5" for product "Big-ip Edge" and version " >= 7101 <= 7150" | clients |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| F5 Search vendor "F5" | Big-ip Edge Search vendor "F5" for product "Big-ip Edge" | >= 7101 <= 7150 Search vendor "F5" for product "Big-ip Edge" and version " >= 7101 <= 7150" | clients |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|