First published: Tue Oct 10 2023(Updated: )
An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP Access Policy Manager | >=7.2.3<7.2.4.5 | |
F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Access Policy Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Access Policy Manager | >=15.1.0<15.1.10 | |
F5 BIG-IP Access Policy Manager | >=16.1.0<16.1.4 | |
F5 BIG-IP Access Policy Manager | =17.1.0 | |
Apple macOS | ||
F5 BIG-IP (APM) | =17.1.0 | 17.1.1.1 |
F5 BIG-IP (APM) | >=16.1.0<=16.1.4=3 | 16.1.4.2 |
F5 BIG-IP (APM) | >=15.1.0<=15.1.10=3 | 15.1.10.3 |
F5 BIG-IP (APM) | >=14.1.0<=14.1.5=3 | |
F5 BIG-IP (APM) | >=13.1.0<=13.1.5=3 | |
F5 APM Clients | >=7.2.3<=7.2.4 | 7.2.4.5 |
All of | ||
Any of | ||
F5 BIG-IP Access Policy Manager | >=7.2.3<7.2.4.5 | |
F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.5 | |
F5 BIG-IP Access Policy Manager | >=14.1.0<=14.1.5 | |
F5 BIG-IP Access Policy Manager | >=15.1.0<15.1.10 | |
F5 BIG-IP Access Policy Manager | >=16.1.0<16.1.4 | |
F5 BIG-IP Access Policy Manager | =17.1.0 | |
Apple macOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2023-5450.
The severity of CVE-2023-5450 is high.
The affected software versions include F5 Big-IP Access Policy Manager versions 7.2.3 to 7.2.4.5, 13.1.0 to 13.1.5, 14.1.0 to 14.1.5, 15.1.0 to 15.1.10, 16.1.0 to 16.1.4, and 17.1.0.
An attacker can exploit CVE-2023-5450 by leveraging an insufficient verification of data vulnerability in the BIG-IP Edge Client Installer on macOS to gain elevation of privileges during the installation process.
No, Apple macOS is not vulnerable to CVE-2023-5450.