BIG-IP Edge Client for Windows vulnerability

CVE-2023-22283

6.5MEDIUM

Key Information

Vendor: F5
Status: APM Clients
Vendor: CVE Published:; 1 February 2023

Summary

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

APM Clients < 7.2.3.1

APM Clients >= 7.2.4

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Feb 1, 2023
Vulnerability Reserved.
Jan 13, 2023

Collectors

NVD DatabaseMitre Database