CVE-2023-22283

Published: Feb 1, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.6 / Impact: 5.9

Source: NVD (Secondary)

Description

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (7)

Products: F5: Big Ip Access Policy Manager, Big Ip Edge

2 products

Big Ip Access Policy Manager

Big Ip Edge

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.5
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.5
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.8
F5 Big Ip Access Policy Manager	From 16.1.0 to 16.1.3
F5 Big Ip Access Policy Manager	From 17.0.0 to 17.0.0.2
F5 Big Ip Access Policy Manager	From 7.2.2 to 7.2.3.1
F5 Big Ip Edge	All versions

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://my.f5.com/manage/s/article/K07143733

Source: f5sirt@f5.com

Vendor Advisory

https://my.f5.com/manage/s/article/K07143733

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.