Lucene search
F5CVE-2023-22358HistoryFeb 01, 2023 - 6:15 p.m.
CVE-2023-22358
2023-02-0118:15:11
CWE-427
f5
web.nvd.nist.gov
30
cve-2023-22358
vulnerability
dll hijacking
big-ip edge client
windows installer
security
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0
Percentile
13.2%
In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5big-ip_access_policy_managerRange7.2.2–7.2.3.1clients
ORf5big-ip_access_policy_managerRange13.1.0–13.1.5
ORf5big-ip_access_policy_managerRange14.1.0–14.1.5
ORf5big-ip_access_policy_managerRange15.1.0–15.1.8
ORf5big-ip_access_policy_managerRange16.1.0–16.1.3
ORf5big-ip_access_policy_managerRange17.0.0–17.0.0.2
ORf5big-ip_edgeMatch-clientswindows
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:clients:*:*:* |
| f5 | big-ip_access_policy_manager | * | cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* |
| f5 | big-ip_edge | - | cpe:2.3:a:f5:big-ip_edge:-:*:*:*:clients:windows:*:* |
CNA Affected
[
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "APM Clients",
"vendor": "F5",
"versions": [
{
"lessThan": "7.2.3.1",
"status": "affected",
"version": "7.2.2",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "7.2.4",
"versionType": "semver"
}
]
}
]References
Related
cvelist
cvelist
CVE-2023-22358 BIG-IP Edge Client for Windows vulnerability
2023-02-01 17:54:31
nessus
nessus
prion
prion
Design/Logic Flaw
2023-02-01 18:15:00
cnvd
cnvd
F5 BIG-IP Windows Edge Client client DLL hijacking vulnerability
2023-02-01 00:00:00
nvd
nvd
CVE-2023-22358
2023-02-01 18:15:11
f5
f5
K000130496 : Overview of F5 vulnerabilities (February 2023)
2023-02-01 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0
Percentile
13.2%
Related for CVE-2023-22358