CVE-2023-22283 MEDIUM

CVE-2023-22283: BIG-IP Edge Client for Windows vulnerability

Vendor F5
Product APM Clients
Weakness CWE-427
Published February 1, 2023
Last update March 26, 2025

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

February 1, 2023 CVE published
March 26, 2025 Record updated