CVE-2023-38418

7.8 HIGH

📋 TL;DR

The BIG-IP Edge Client Installer on macOS has improper privilege elevation during installation, allowing local attackers to potentially gain elevated privileges. This affects macOS users installing the BIG-IP Edge Client. Only versions still under technical support are evaluated.

💻 Affected Systems

Products:
  • F5 BIG-IP Edge Client
Versions: Versions prior to the fixed versions listed in F5 advisory K000134746 (EoTS versions not evaluated)
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS installations. Windows and Linux versions not affected. EoTS versions not evaluated.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local attacker gains root privileges on the macOS system through installer exploitation

🟠 Likely Case: Privilege escalation during installation allowing unauthorized system access

🟢 If Mitigated: Minimal impact with proper installation controls and monitoring

🌐 Internet-Facing: LOW - Requires local access to macOS system
🏢 Internal Only: MEDIUM - Internal users could exploit during installation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to macOS system during installation process

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000134746 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000134746

Restart Required: No

Instructions:

1. Review F5 advisory K000134746
2. Download updated BIG-IP Edge Client installer
3. Uninstall previous version
4. Install updated version following standard macOS installation procedures

🔧 Temporary Workarounds

Restrict installation privileges

macOS

Limit who can install software on macOS systems by removing users who should not install software from the local admin group (the command below removes a user from the group; it does not add one):

sudo /usr/sbin/dseditgroup -o edit -d username -t user admin

🧯 If You Can't Patch

  • Restrict BIG-IP Edge Client installation to trusted administrators only
  • Monitor installation logs and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check BIG-IP Edge Client version and compare against F5 advisory K000134746

Check Version:

Check application version in macOS About dialog or via package manager

Verify Fix Applied:

Verify installed version matches or exceeds fixed version in advisory
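The version check described above, as an added shell example that is not F5's own tooling and not part of the advisory: it reads the installed Edge Client version from the app bundle's Info.plist and compares it with the fixed version. The bundle path and the FIXED_VERSION placeholder are assumptions; set FIXED_VERSION from K000134746 before relying on the verdict.

```shell
#!/bin/sh
# Added example, not F5's own tooling. Assumptions: the app bundle path below
# and the FIXED_VERSION placeholder, which must be set from advisory K000134746.
APP_PLIST="/Applications/BIG-IP Edge Client.app/Contents/Info.plist"   # assumed path
FIXED_VERSION="${FIXED_VERSION:-0.0.0}"                                 # PLACEHOLDER

# installed_version [plist]: print CFBundleShortVersionString from the bundle's
# Info.plist, or return 1 when the file is missing (client not installed).
installed_version() {
    plist="${1:-$APP_PLIST}"
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null
}

# version_lt A B: return 0 when dotted version A is strictly lower than B.
# Missing components count as 0 (7.2 equals 7.2.0); trailing non-digits are ignored.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        : "${ai:=0}"; : "${bi:=0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# check_edge_client [plist]: 0 = fixed version or later, 1 = vulnerable, 2 = not installed.
check_edge_client() {
    v="$(installed_version "${1:-}")" || { echo "BIG-IP Edge Client not installed"; return 2; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE: installed $v is older than fixed $FIXED_VERSION"
        return 1
    fi
    echo "OK: installed $v is $FIXED_VERSION or later"
}

# Only run the check when executed on a macOS host.
if [ "$(uname -s 2>/dev/null)" = "Darwin" ]; then
    check_edge_client
fi
```

The exit code of check_edge_client is the verdict, so the script can be run from a fleet-management tool and the result collected per host.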

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation during installation
  • Installation process running with elevated privileges

Network Indicators:

  • Local installation activity only (exploitation requires local access, so there is no network-specific indicator)

SIEM Query:

macOS installation logs showing BIG-IP Edge Client privilege escalation
