Detections
Analytics

F5 BIG-IP Edge Client Windows Component Installer 7.2.x < 7.2.3.1 DLL Hijacking (K07143733)

medium Nessus Plugin ID 174339

Language:

Synopsis

A web client installed on the remote Windows host is affected by a DLL hijacking vulnerability.

Description

The version of the Big-IP Edge Client Windows Component Installer installed on the remote Windows host is 7.2.2.x or 7.2.3.x before 7.2.3.1. It is, therefore, affected by a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. (CVE-2023-22283)

Solution

Upgrade client software to a version referenced in the advisory.

See Also

https://support.f5.com/csp/article/K07143733

Plugin Details

Severity: Medium

ID: 174339

File Name: f5_bigip_edge_client_component_installer_K07143733.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 4/14/2023

Updated: 5/10/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2023-22283

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/a:f5:edge_client_component_installer

Required KB Items: installed_sw/F5 Networks BIG-IP Edge Client Component Installer

Exploit Ease: No known exploits are available

Patch Publication Date: 2/1/2023

Vulnerability Publication Date: 2/1/2023

Reference Information

CVE: CVE-2023-22283

IAVA: 2023-A-0178-S