BIG-IP Edge Client for Windows vulnerability

CVE-2023-22358

7.8HIGH

Key Information

Vendor: F5
Status: APM Clients
Vendor: CVE Published:; 1 February 2023

Summary

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

APM Clients < 7.2.3.1

APM Clients >= 7.2.4

Refferences

https://my.f5.com/manage/s/article/K76964818

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Jan 13, 2023

Collectors

NVD DatabaseMitre Database