BIG-IP Edge Client for Windows and macOS vulnerability
CVE-2023-36858

7.1HIGH

Key Information:

Vendor: F5
Status: Big-ip Edge Client
Vendor: CVE Published:; 2 August 2023

Summary

A vulnerability in the F5 BIG-IP Edge Client for both Windows and macOS allows attackers to potentially alter the configured server list due to insufficient data verification. This flaw may enable unauthorized modifications that could compromise the intended functionality and security posture of the client application. Note that versions of the software that have reached End of Technical Support (EoTS) are not eligible for evaluation.

Affected Version(s)

BIG-IP Edge Client Windows 7.2.3 < 7.2.4.3

References

https://my.f5.com/manage/s/article/K000132563

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2023
Vulnerability Reserved
Jul 17, 2023

Credit

F5 acknowledges Gianluca Palma of Engineering Ingegneria Informatica S.p.A. for bringing this issue to our attention and following the highest standards of coordinated disclosure.