F5 Networks BIG-IP : BIG-IP APM client for Linux and macOS vulnerability (K54431371)
High Nessus Plugin ID 118681
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe svpn and policyserver components of the F5 BIG-IP APM client prior
to version 188.8.131.52 for Linux and macOS runs as a privileged process
and can allow an unprivileged user to getownership of files owned by
root on the local client host.(CVE-2018-5546)
A malicious local unprivileged user may gain knowledge of sensitive
information, manipulate certain data, or assume super-user privileges
on the local client host.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5