Vulnerability Description
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Access Policy Manager | >= 7.2.2, < 7.2.3.1 |
| F5 | Big-Ip Edge | - |
Related Weaknesses (CWE)
References
- https://my.f5.com/manage/s/article/K07143733Vendor Advisory
- https://my.f5.com/manage/s/article/K07143733Vendor Advisory
FAQ
What is CVE-2023-22283?
CVE-2023-22283 is a vulnerability with a CVSS score of 6.5 (MEDIUM). On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit thi...
How severe is CVE-2023-22283?
CVE-2023-22283 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-22283?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Edge.