CVE-2023-22283

MEDIUM

BIG-IP Edge Client <7.2.3.1 - DLL Hijacking

Title source: llm

Description

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

[Vendor Advisory] https://my.f5.com/manage/s/article/K07143733

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 41.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (3)

f5/big-ip_access_policy_manager < 7.2.3.1

f5/big-ip_access_policy_manager < 13.1.5

f5/big-ip_edge

Timeline

Published Feb 01, 2023

Tracked Since Feb 18, 2026