DLL Hijacking Vulnerability in F5 BIG-IP APM Products
CVE-2022-28714

7.3HIGH

Key Information:

Vendor: F5
Status: Big-ip Apm; Big-ip Apm Clients
Vendor: CVE Published:; 5 May 2022

Summary

A DLL hijacking vulnerability was discovered in the F5 BIG-IP APM Windows Installer affecting multiple versions of the BIG-IP APM products and clients. This vulnerability enables potential attackers to exploit the installer, leading to unauthorized code execution. Users of affected products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

BIG-IP APM 12.1.x

BIG-IP APM 11.6.x

BIG-IP APM 16.1.x < 16.1.2.2

References

https://support.f5.com/csp/article/K54460845

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2022
Vulnerability Reserved
Apr 19, 2022

Credit

F5 would like to acknowledge Minki Jang of HackEnTerBoBs and Raeez Abdulla of CodeGreen Systems, UAE for bringing this issue to our attention and following the highest standards of coordinated disclosure.