Published: 12/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.

Affected Products

Vendor: F5 | Product: Big-ip Access Policy Manager | Versions: 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 13.0.0, 13.0.1, 13.1.0

Github Repositories

Security Research
A collection of files related to my personal security research. Additional content will be posted on my blog blogmirchio.

Tools
Tool | Description
openssldir_check | Windows utility to check for potential insecure paths used by the OPENSSLDIR build parameter in OpenSSL libraries
ssscache2john | Convert SSSD LDAP cache files to John The Ripper form