ID

VAR-202106-1418


CVE

CVE-2021-23023


TITLE

BIG-IP Edge Client Windows Installer Uncontrolled Search Path Element Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008211

DESCRIPTION

In versions 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll, which is included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. The BIG-IP Edge Client Windows Installer contains an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. F5 BIG-IP Edge Gateway is a remote access solution from F5, a company based in the United States. F5 BIG-IP Edge Gateway has a security vulnerability that allows an unprivileged user to use a malicious DLL to elevate privileges on client Windows systems.

Trust: 1.71

sources: NVD: CVE-2021-23023 // JVNDB: JVNDB-2021-008211 // VULHUB: VHN-381509

AFFECTED PRODUCTS

vendor: f5 // model: big-ip access policy manager // scope: gte // version: 7.1.6

Trust: 1.0

vendor: f5 // model: big-ip access policy manager // scope: gte // version: 7.2.1

Trust: 1.0

vendor: f5 // model: big-ip access policy manager // scope: lte // version: 7.1.9.9

Trust: 1.0

vendor: f5 // model: big-ip access policy manager // scope: lt // version: 7.2.1.3

Trust: 1.0

vendor: f5 // model: big-ip access policy manager // scope: eq // version: 7.2.1.3

Trust: 0.8

vendor: f5 // model: big-ip access policy manager // scope: eq // version: 7.1.9.9

Trust: 0.8

vendor: f5 // model: big-ip access policy manager // scope: eq // version: -

Trust: 0.8

vendor: f5 // model: big-ip access policy manager // scope: lt // version: 7.1.x

Trust: 0.8

vendor: f5 // model: big-ip access policy manager // scope: - // version: -

Trust: 0.8

vendor: f5 // model: big-ip access policy manager // scope: lt // version: 7.2.1.x

Trust: 0.8

sources: JVNDB: JVNDB-2021-008211 // NVD: CVE-2021-23023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23023
value: HIGH

Trust: 1.0

NVD: CVE-2021-23023
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202106-129
value: HIGH

Trust: 0.6

VULHUB: VHN-381509
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23023
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-381509
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-23023
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-23023
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381509 // JVNDB: JVNDB-2021-008211 // CNNVD: CNNVD-202106-129 // NVD: CVE-2021-23023

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.1

problemtype: Uncontrolled search path elements (CWE-427) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-381509 // JVNDB: JVNDB-2021-008211 // NVD: CVE-2021-23023

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-129

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202106-129

PATCH

title: K33757590 // url: https://support.f5.com/csp/article/K33757590

Trust: 0.8

title: F5 BIG-IP Edge Gateway Fixes for code issue vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155202

Trust: 0.6

sources: JVNDB: JVNDB-2021-008211 // CNNVD: CNNVD-202106-129

EXTERNAL IDS

db: NVD // id: CVE-2021-23023

Trust: 3.3

db: JVNDB // id: JVNDB-2021-008211

Trust: 0.8

db: AUSCERT // id: ESB-2021.1883

Trust: 0.6

db: CNNVD // id: CNNVD-202106-129

Trust: 0.6

db: VULHUB // id: VHN-381509

Trust: 0.1

sources: VULHUB: VHN-381509 // JVNDB: JVNDB-2021-008211 // CNNVD: CNNVD-202106-129 // NVD: CVE-2021-23023

REFERENCES

url:https://support.f5.com/csp/article/k33757590

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-23023

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.1883

Trust: 0.6

url:https://vigilance.fr/vulnerability/f5-big-ip-edge-client-for-windows-executing-dll-code-via-cachecleaner-dll-35589

Trust: 0.6

sources: VULHUB: VHN-381509 // JVNDB: JVNDB-2021-008211 // CNNVD: CNNVD-202106-129 // NVD: CVE-2021-23023

SOURCES

db: VULHUB // id: VHN-381509
db: JVNDB // id: JVNDB-2021-008211
db: CNNVD // id: CNNVD-202106-129
db: NVD // id: CVE-2021-23023

LAST UPDATE DATE

2024-08-14T14:31:42.571000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-381509 // date: 2021-06-22T00:00:00
db: JVNDB // id: JVNDB-2021-008211 // date: 2022-03-08T04:51:00
db: CNNVD // id: CNNVD-202106-129 // date: 2021-06-28T00:00:00
db: NVD // id: CVE-2021-23023 // date: 2021-06-22T20:12:01.233

SOURCES RELEASE DATE

db: VULHUB // id: VHN-381509 // date: 2021-06-10T00:00:00
db: JVNDB // id: JVNDB-2021-008211 // date: 2022-03-08T00:00:00
db: CNNVD // id: CNNVD-202106-129 // date: 2021-06-02T00:00:00
db: NVD // id: CVE-2021-23023 // date: 2021-06-10T15:15:09.120