First published: Wed Feb 01 2023
A DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path.
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP Access Policy Manager | =17.0.0 | 17.1.0 |
F5 BIG-IP Access Policy Manager | >=16.1.0<=16.1.3=3 | 16.1.3.4 |
F5 BIG-IP Access Policy Manager | >=15.1.0<=15.1.8=3 | 15.1.8.2 |
F5 BIG-IP Access Policy Manager | >=14.1.0<=14.1.5=3 | 14.1.5.4 |
F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.5=3 | |
F5 Access Policy Manager | =7.2.2 | 7.2.4 |
The F5-K07143733 vulnerability is classified with a high severity rating due to the potential for DLL hijacking.
To fix F5-K07143733, upgrade to the patched versions of the BIG-IP Edge Client specified by F5 in their remediation details.
Yes, exploitation of the F5-K07143733 vulnerability requires user interaction to run the affected executable.
F5-K07143733 affects several versions of BIG-IP (APM) and BIG-IP APM Clients.
Yes, an attacker requires administrative privileges to exploit the F5-K07143733 vulnerability.