An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Weakness
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big-ip_access_policy_manager | F5 | 7.2.3 (including) | 7.2.4.5 (excluding) |
| Big-ip_access_policy_manager | F5 | 13.1.0 (including) | 13.1.5 (including) |
| Big-ip_access_policy_manager | F5 | 14.1.0 (including) | 14.1.5 (including) |
| Big-ip_access_policy_manager | F5 | 15.1.0 (including) | 15.1.10 (excluding) |
| Big-ip_access_policy_manager | F5 | 16.1.0 (including) | 16.1.4 (excluding) |
| Big-ip_access_policy_manager | F5 | 17.1.0 (including) | 17.1.0 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/111.html
- https://cwe.mitre.org/data/definitions/141.html
- https://cwe.mitre.org/data/definitions/142.html
- https://cwe.mitre.org/data/definitions/148.html
- https://cwe.mitre.org/data/definitions/218.html
- https://cwe.mitre.org/data/definitions/384.html
- https://cwe.mitre.org/data/definitions/385.html
- https://cwe.mitre.org/data/definitions/386.html
- https://cwe.mitre.org/data/definitions/387.html
- https://cwe.mitre.org/data/definitions/388.html
- https://cwe.mitre.org/data/definitions/665.html
- https://cwe.mitre.org/data/definitions/701.html