CVE-2022-28714
Last modified
CVE-2022-28714 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Access Policy Manager | 11.6.1 |
| F5 | Big-Ip Access Policy Manager | 11.6.2 |
| F5 | Big-Ip Access Policy Manager | 11.6.3 |
| F5 | Big-Ip Access Policy Manager | 11.6.4 |
| F5 | Big-Ip Access Policy Manager | 11.6.5 |
| F5 | Big-Ip Access Policy Manager | 12.1.0 |
| F5 | Big-Ip Access Policy Manager | 12.1.1 |
| F5 | Big-Ip Access Policy Manager | 12.1.2 |
| F5 | Big-Ip Access Policy Manager | 12.1.3 |
| F5 | Big-Ip Access Policy Manager | 12.1.4 |
| F5 | Big-Ip Access Policy Manager | 12.1.5 |
| F5 | Big-Ip Access Policy Manager | 12.1.6 |
| F5 | Big-Ip Access Policy Manager | 13.1.0 |
| F5 | Big-Ip Access Policy Manager | 13.1.1 |
| F5 | Big-Ip Access Policy Manager | 13.1.3 |
| F5 | Big-Ip Access Policy Manager | 13.1.4 |
| F5 | Big-Ip Access Policy Manager | 13.1.5 |
| F5 | Big-Ip Access Policy Manager | 14.1.0 |
| F5 | Big-Ip Access Policy Manager | 14.1.2 |
| F5 | Big-Ip Access Policy Manager | 14.1.3 |
| F5 | Big-Ip Access Policy Manager | 14.1.4 |
| F5 | Big-Ip Access Policy Manager | 15.1.0 |
| F5 | Big-Ip Access Policy Manager | 15.1.1 |
| F5 | Big-Ip Access Policy Manager | 15.1.2 |
| F5 | Big-Ip Access Policy Manager | 15.1.3 |
| F5 | Big-Ip Access Policy Manager | 15.1.4 |
| F5 | Big-Ip Access Policy Manager | 15.1.5 |
| F5 | Big-Ip Access Policy Manager | 16.1.0 |
| F5 | Big-Ip Access Policy Manager | 16.1.1 |
| F5 | Big-Ip Access Policy Manager | 16.1.2 |
| F5 | Big-Ip Access Policy Manager | 17.0.0 |
| F5 | Big-Ip Access Policy Manager Client | 7.1.5 |
| F5 | Big-Ip Access Policy Manager Client | 7.1.6 |
| F5 | Big-Ip Access Policy Manager Client | 7.1.6.1 |
| F5 | Big-Ip Access Policy Manager Client | 7.1.7 |
| F5 | Big-Ip Access Policy Manager Client | 7.1.8 |
| F5 | Big-Ip Access Policy Manager Client | 7.1.8.2 |
| F5 | Big-Ip Access Policy Manager Client | 7.1.9 |
| F5 | Big-Ip Access Policy Manager Client | 7.2.1 |
References
- https://support.f5.com/csp/article/K54460845Vendor Advisory
- https://support.f5.com/csp/article/K54460845Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-28714?
How severe is CVE-2022-28714?
How do I fix CVE-2022-28714?
Are you affected by CVE-2022-28714?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST