CVE-2021-23023

Published: Jun 10, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (2)

Products: F5: Big Ip Access Policy Manager

1 product

Big Ip Access Policy Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 7.1.6 to 7.1.9.9
F5 Big Ip Access Policy Manager	From 7.2.1 to 7.2.1.3

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://support.f5.com/csp/article/K33757590

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K33757590

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.