Name of the Vulnerable Software and Affected Versions:
BIG-IP Edge Client Installer (affected versions not specified)
BIG-IP Access Policy Manager (affected versions not specified)
BIG-IP Advanced Firewall Manager (affected versions not specified)
BIG-IP Advanced Web Application Firewall (affected versions not specified)
BIG-IP Analytics (affected versions not specified)
BIG-IP Application Acceleration Manager (affected versions not specified)
BIG-IP Application Security Manager (affected versions not specified)
BIG-IP Application Visibility and Reporting (AVR) (affected versions not specified)
BIG-IP Carrier-Grade NAT (CGNAT) (affected versions not specified)
BIG-IP DDoS Hybrid Defender (affected versions not specified)
BIG-IP Domain Name System (affected versions not specified)
BIG-IP Edge Gateway (affected versions not specified)
BIG-IP Fraud Protection Service (affected versions not specified)
BIG-IP Global Traffic Manager (affected versions not specified)
BIG-IP Link Controller (affected versions not specified)
BIG-IP Local Traffic Manager (affected versions not specified)
BIG-IP Policy Enforcement Manager (affected versions not specified)
BIG-IP SSL Orchestrator (affected versions not specified)
BIG-IP WebAccelerator (affected versions not specified)
BIG-IP WebSafe (affected versions not specified)
Description:
The issue stems from an incomplete fix for a previous problem: the installation process of the BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges. Additionally, various BIG-IP products incorrectly verify cryptographic signatures. This could allow an attacker to elevate their privileges.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.