The svpn and policy server components of the F5 BIG-IP APM client prior to version 188.8.131.52 for Linux and macOS run as privileged processes and can allow an unprivileged user to take ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.
Update or upgrade to a fixed version.
Update to version 11.5.9, 184.108.40.206, 220.127.116.11, or 18.104.22.168.
BIG-IP Edge Client:
Update or upgrade to version 7171, or update to a fixed version of BIG-IP APM.
BIG-IP APM Clients:
Update to version 22.214.171.124.