An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Weakness
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Access_policy_manager_clients | F5 | 7.2.3 (including) | 7.2.4.3 (excluding) |
| Big-ip_access_policy_manager | F5 | 13.1.0 (including) | 13.1.5 (including) |
| Big-ip_access_policy_manager | F5 | 14.1.0 (including) | 14.1.5 (including) |
| Big-ip_access_policy_manager | F5 | 15.1.0 (including) | 15.1.9 (including) |
| Big-ip_access_policy_manager | F5 | 16.1.0 (including) | 16.1.3 (including) |
| Big-ip_access_policy_manager | F5 | 17.0.0 (including) | 17.1.0 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/111.html
- https://cwe.mitre.org/data/definitions/141.html
- https://cwe.mitre.org/data/definitions/142.html
- https://cwe.mitre.org/data/definitions/148.html
- https://cwe.mitre.org/data/definitions/218.html
- https://cwe.mitre.org/data/definitions/384.html
- https://cwe.mitre.org/data/definitions/385.html
- https://cwe.mitre.org/data/definitions/386.html
- https://cwe.mitre.org/data/definitions/387.html
- https://cwe.mitre.org/data/definitions/388.html
- https://cwe.mitre.org/data/definitions/665.html
- https://cwe.mitre.org/data/definitions/701.html