BIG-IP Edge Client for Windows vulnerability
CVE-2023-22358

7.8HIGH

Key Information:

Vendor: F5
Status: APM Clients
Vendor: CVE Published:; 1 February 2023

Summary

A DLL hijacking vulnerability has been identified in the BIG-IP Edge Client Windows Installer. This issue affects versions starting with 7.2.2 up to, but not including, 7.2.3.1. It allows malicious actors to exploit the installation process, which could lead to unexpected execution of arbitrary code. Users running affected versions should upgrade to the latest secure versions to mitigate potential risks and enhance their system's security.

Affected Version(s)

APM Clients Windows 7.2.2 < 7.2.3.1

APM Clients Windows 7.2.4

References

https://my.f5.com/manage/s/article/K76964818

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Jan 13, 2023