CVE-2023-22283
CVE-2023-22283 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows in versions from 7.1.5 up to, but not including, 7.2.3.1. Exploitation requires both user interaction and administrative privileges: the victim user must run the executable on the system, and the attacker needs administrative privileges to modify files in the trusted search path. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Access Policy Manager | >= 7.2.2, < 7.2.3.1 |
| F5 | BIG-IP Access Policy Manager | >= 13.1.0, <= 13.1.5 |
| F5 | BIG-IP Access Policy Manager | >= 14.1.0, <= 14.1.5 |
| F5 | BIG-IP Access Policy Manager | >= 15.1.0, <= 15.1.8 |
| F5 | BIG-IP Access Policy Manager | >= 16.1.0, <= 16.1.3 |
| F5 | BIG-IP Access Policy Manager | >= 17.0.0, < 17.0.0.2 |
| F5 | BIG-IP Edge | All versions |
References
- https://my.f5.com/manage/s/article/K07143733 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
