A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Weakness
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big-ip_access_policy_manager | F5 | 15.1.0 (including) | 15.1.10.8 (excluding) |
| Big-ip_access_policy_manager | F5 | 16.1.0 (including) | 16.1.6.1 (excluding) |
| Big-ip_access_policy_manager | F5 | 17.1.0 (including) | 17.1.3 (excluding) |
| Big-ip_access_policy_manager | F5 | 17.5.0 (including) | 17.5.1.3 (excluding) |
| Big-ip_access_policy_manager_client | F5 | 7.2.5 (including) | 7.2.5 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/13.html
- https://cwe.mitre.org/data/definitions/14.html
- https://cwe.mitre.org/data/definitions/389.html
- https://cwe.mitre.org/data/definitions/39.html
- https://cwe.mitre.org/data/definitions/665.html
- https://cwe.mitre.org/data/definitions/74.html
- https://cwe.mitre.org/data/definitions/75.html