CVE-2023-5450 - OpenCVE

An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Macos
F5	Big-ip Access Policy Manager

Configuration 1 [-]

AND

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:::::::*

No data.

References

Link	Providers
https://my.f5.com/manage/s/article/K000135040

History

No history.

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2023-10-10T12:31:48.600Z

Updated: 2024-09-13T16:41:55.571Z

Reserved: 2023-10-06T16:06:33.781Z

Link: CVE-2023-5450

Vulnrichment

Updated: 2024-08-02T07:59:44.760Z

NVD

Status : Analyzed

Published: 2023-10-10T13:15:22.617

Modified: 2023-10-18T01:17:35.720

Link: CVE-2023-5450

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5450", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2023-10-06T16:06:33.781Z", "datePublished": "2023-10-10T12:31:48.600Z", "dateUpdated": "2024-09-13T16:41:55.571Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["MacOS"], "product": "BIG-IP Edge Client", "vendor": "F5", "versions": [{"lessThan": "7.2.4.5", "status": "affected", "version": "7.2.3", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."}], "datePublic": "2023-08-02T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n</span><p></p>"}], "value": "\nAn insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2023-10-10T12:31:48.600Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000135040"}], "source": {"discovery": "EXTERNAL"}, "title": "BIG-IP Edge Client for macOS vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.760Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.f5.com/manage/s/article/K000135040"}]}, {"affected": [{"vendor": "f5", "product": "big-ip_access_policy_manager", "cpes": ["cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "17.1.0", "status": "affected", "lessThan": "17.1.1.1", "versionType": "custom"}, {"version": "16.1.0", "status": "affected", "lessThan": "16.1.4.2", "versionType": "custom"}, {"version": "15.1.0", "status": "affected", "lessThan": "15.1.10.3", "versionType": "custom"}]}, {"vendor": "f5", "product": "access_policy_manager_clients", "cpes": ["cpe:2.3:a:f5:access_policy_manager_clients:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.3", "status": "affected", "lessThan": "7.2.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-13T16:33:52.624501Z", "id": "CVE-2023-5450", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T16:41:55.571Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://my.f5.com/manage/s/article/K000135040", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.760Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5450", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-13T16:33:52.624501Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*"], "vendor": "f5", "product": "big-ip_access_policy_manager", "versions": [{"status": "affected", "version": "17.1.0", "lessThan": "17.1.1.1", "versionType": "custom"}, {"status": "affected", "version": "16.1.0", "lessThan": "16.1.4.2", "versionType": "custom"}, {"status": "affected", "version": "15.1.0", "lessThan": "15.1.10.3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:f5:access_policy_manager_clients:*:*:*:*:*:*:*:*"], "vendor": "f5", "product": "access_policy_manager_clients", "versions": [{"status": "affected", "version": "7.2.3", "lessThan": "7.2.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T16:41:47.323Z"}}], "cna": {"title": "BIG-IP Edge Client for macOS vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "F5 acknowledges Mickey Jin (@patch1t) of Trend Micro for bringing this issue to our attention and following the highest standards of coordinated disclosure."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "product": "BIG-IP Edge Client", "versions": [{"status": "affected", "version": "7.2.3", "lessThan": "7.2.4.5", "versionType": "semver"}], "platforms": ["MacOS"], "defaultStatus": "unknown"}], "datePublic": "2023-08-02T14:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K000135040", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "F5 SIRTBot v1.0"}, "descriptions": [{"lang": "en", "value": "\nAn insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n</span><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2023-10-10T12:31:48.600Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5450", "state": "PUBLISHED", "dateUpdated": "2024-09-13T16:41:55.571Z", "dateReserved": "2023-10-06T16:06:33.781Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2023-10-10T12:31:48.600Z", "assignerShortName": "f5"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "53C872DE-3657-40F9-BF36-2C54C1BF697C", "versionEndExcluding": "7.2.4.5", "versionStartIncluding": "7.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E", "versionEndIncluding": "13.1.5", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F", "versionEndIncluding": "14.1.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EF0B216-5E0A-49E8-9373-08EEADFCD948", "versionEndExcluding": "15.1.10", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206", "versionEndExcluding": "16.1.4", "versionStartIncluding": "16.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nAn insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"}, {"lang": "es", "value": "Existe una verificaci\u00f3n insuficiente de la vulnerabilidad de los datos en BIG-IP Edge Client Installer en macOS que puede permitir que un atacante aumente sus privilegios durante el proceso de instalaci\u00f3n. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."}], "id": "CVE-2023-5450", "lastModified": "2023-10-18T01:17:35.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2023-10-10T13:15:22.617", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000135040"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "f5sirt@f5.com", "type": "Primary"}]}