CVE-2023-22358

Published: Feb 1, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (7)

Products: F5: Big Ip Access Policy Manager, Big Ip Edge

2 products

Big Ip Access Policy Manager

Big Ip Edge

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.5
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.5
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.8
F5 Big Ip Access Policy Manager	From 16.1.0 to 16.1.3
F5 Big Ip Access Policy Manager	From 17.0.0 to 17.0.0.2
F5 Big Ip Access Policy Manager	From 7.2.2 to 7.2.3.1
F5 Big Ip Edge	All versions

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://my.f5.com/manage/s/article/K76964818

Source: f5sirt@f5.com

Vendor Advisory

https://my.f5.com/manage/s/article/K76964818

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.