CVE-2023-22358

Published Feb 1, 2023

Last updated a year ago

CVSS high 7.8

Overview

Description: In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: f5sirt@f5.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-427
f5sirt@f5.com: CWE-427

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:clients:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8424FB08-840E-4EE1-9F4B-E60705A4F466",
            "versionEndExcluding": "7.2.3.1",
            "versionStartIncluding": "7.2.2"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E",
            "versionEndIncluding": "13.1.5",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F",
            "versionEndIncluding": "14.1.5",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9568C6BD-0244-4220-8C95-DBF6C13526F8",
            "versionEndIncluding": "15.1.8",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "607663E0-4D10-4C6C-8184-29A3EC921A83",
            "versionEndIncluding": "16.1.3",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E84986CC-EF54-4404-B559-3FF946C67BB0",
            "versionEndExcluding": "17.0.0.2",
            "versionStartIncluding": "17.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge:-:*:*:*:clients:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AD7F83E-183B-48A5-AAEA-9252CE86BC2C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References