CVE-2023-43611

7.8 HIGH

📋 TL;DR

The BIG-IP Edge Client Installer on macOS has a privilege escalation vulnerability during installation due to an incomplete fix for CVE-2023-38418. This allows attackers to gain elevated privileges on affected macOS systems. Only macOS users installing the BIG-IP Edge Client are affected.

💻 Affected Systems

Products:
  • F5 BIG-IP Edge Client
Versions: Specific versions not provided in CVE description; check F5 advisory for details
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS installations. Software versions which have reached End of Technical Support (EoTS) are not evaluated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could gain root privileges on the macOS system, enabling complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

Local attackers or malicious software could exploit this during installation to gain elevated privileges for further malicious activities.

🟢 If Mitigated

With proper access controls and monitoring, exploitation would be limited to authorized users with installation privileges.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring access to the macOS system.
🏢 Internal Only: MEDIUM - Internal users with access to install software could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the macOS system during installation. This is a follow-up to CVE-2023-38418.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check F5 advisory K000136185 for specific patched versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000136185

Restart Required: Yes

Instructions:

1. Review F5 advisory K000136185 for affected versions.
2. Download and install the latest BIG-IP Edge Client from F5.
3. Restart the macOS system after installation.

🔧 Temporary Workarounds

Restrict installation privileges (macOS)

Limit who can install software on macOS systems to prevent unauthorized exploitation.

Monitor installation processes (macOS)

Implement monitoring for BIG-IP Edge Client installation attempts.

🧯 If You Can't Patch

  • Restrict physical and remote access to macOS systems with BIG-IP Edge Client
  • Implement application whitelisting to prevent unauthorized software installation

🔍 How to Verify

Check if Vulnerable:

Check if BIG-IP Edge Client is installed on macOS and compare version against F5 advisory K000136185

Check Version:

Check application version in macOS Applications folder or system preferences

Verify Fix Applied:

Verify installation of latest BIG-IP Edge Client version from F5 and confirm no privilege escalation during installation

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation during BIG-IP Edge Client installation
  • Installation logs showing abnormal permission requests

Network Indicators:

  • No network indicators - this is a local privilege escalation

SIEM Query:

Search for BIG-IP Edge Client installation events followed by privilege escalation alerts on macOS systems
