PT-2023-6279 · F5 · BIG-IP Edge Client Installer +18
Published: 2023-10-10 · Updated: 2023-10-18 · CVE-2023-43611
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BIG-IP Edge Client Installer (affected versions not specified)
BIG-IP Access Policy Manager (affected versions not specified)
BIG-IP Advanced Firewall Manager (affected versions not specified)
BIG-IP Advanced Web Application Firewall (affected versions not specified)
BIG-IP Analytics (affected versions not specified)
BIG-IP Application Acceleration Manager (affected versions not specified)
BIG-IP Application Security Manager (affected versions not specified)
BIG-IP Application Visibility and Reporting (AVR) (affected versions not specified)
BIG-IP Carrier-Grade NAT (CGNAT) (affected versions not specified)
BIG-IP DDoS Hybrid Defender (affected versions not specified)
BIG-IP Domain Name System (affected versions not specified)
BIG-IP Edge Gateway (affected versions not specified)
BIG-IP Fraud Protection Service (affected versions not specified)
BIG-IP Global Traffic Manager (affected versions not specified)
BIG-IP Link Controller (affected versions not specified)
BIG-IP Local Traffic Manager (affected versions not specified)
BIG-IP Policy Enforcement Manager (affected versions not specified)
BIG-IP SSL Orchestrator (affected versions not specified)
BIG-IP WebAccelerator (affected versions not specified)
BIG-IP WebSafe (affected versions not specified)
Description
The issue stems from an incomplete fix for a previous problem: the installation process of the BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges. Additionally, various BIG-IP products verify cryptographic signatures incorrectly. This could allow an attacker to elevate their privileges.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
BIG-IP Access Policy Manager
BIG-IP Advanced Firewall Manager
BIG-IP Advanced Web Application Firewall
BIG-IP Analytics
BIG-IP Application Acceleration Manager
BIG-IP Application Security Manager
BIG-IP Application Visibility/Reporting
BIG-IP Carrier-Grade NAT
BIG-IP DDoS Hybrid Defender
BIG-IP Domain Name System
BIG-IP Edge Client Installer
BIG-IP Edge Gateway
BIG-IP Fraud Protection Service
BIG-IP Local Traffic Manager
BIG-IP Link Controller
BIG-IP Policy Enforcement Manager
BIG-IP SSL Orchestrator
BIG-IP WebAccelerator
BIG-IP WebSafe