Details of VAR-202302-0008

ID

VAR-202302-0008

CVE

CVE-2023-22283

TITLE

Windows for BIG-IP Edge Client Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2023-003167

DESCRIPTION

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-22283 // JVNDB: JVNDB-2023-003167 // VULHUB: VHN-451914 // VULMON: CVE-2023-22283

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	15.1.8	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	13.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	15.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	17.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	17.0.0.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	14.1.5	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	14.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	7.2.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lt	version:	7.2.3.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	lte	version:	16.1.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge client	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-003167 // NVD: CVE-2023-22283

CVSS

SEVERITY

CVSSV2

CVSSV3

f5sirt@f5.com:	CVE-2023-22283
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2023-22283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-22283
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-099
value:	MEDIUM
Trust: 0.6

f5sirt@f5.com:	CVE-2023-22283
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.6
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2023-22283
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-003167 // CNNVD: CNNVD-202302-099 // NVD: CVE-2023-22283 // NVD: CVE-2023-22283

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-451914 // JVNDB: JVNDB-2023-003167 // NVD: CVE-2023-22283

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-099

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-099

PATCH

title:	K07143733	url:	https://my.f5.com/manage/s/article/K07143733	Trust: 0.8
title:	F5 BIG-IP Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224517	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2023-22283	Trust: 0.1

sources: VULMON: CVE-2023-22283 // JVNDB: JVNDB-2023-003167 // CNNVD: CNNVD-202302-099

EXTERNAL IDS

db:	NVD	id:	CVE-2023-22283	Trust: 3.4
db:	JVNDB	id:	JVNDB-2023-003167	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-099	Trust: 0.6
db:	VULHUB	id:	VHN-451914	Trust: 0.1
db:	VULMON	id:	CVE-2023-22283	Trust: 0.1

sources: VULHUB: VHN-451914 // VULMON: CVE-2023-22283 // JVNDB: JVNDB-2023-003167 // CNNVD: CNNVD-202302-099 // NVD: CVE-2023-22283

REFERENCES

url:	https://my.f5.com/manage/s/article/k07143733	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-22283	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-22283/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2023-22283	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-451914 // VULMON: CVE-2023-22283 // JVNDB: JVNDB-2023-003167 // CNNVD: CNNVD-202302-099 // NVD: CVE-2023-22283

SOURCES

db:	VULHUB	id:	VHN-451914
db:	VULMON	id:	CVE-2023-22283
db:	JVNDB	id:	JVNDB-2023-003167
db:	CNNVD	id:	CNNVD-202302-099
db:	NVD	id:	CVE-2023-22283

LAST UPDATE DATE

2024-08-14T15:11:03.049000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-451914	date:	2023-02-09T00:00:00
db:	VULMON	id:	CVE-2023-22283	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2023-003167	date:	2023-09-01T07:57:00
db:	CNNVD	id:	CNNVD-202302-099	date:	2023-02-10T00:00:00
db:	NVD	id:	CVE-2023-22283	date:	2023-10-04T16:53:45.020

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-451914	date:	2023-02-01T00:00:00
db:	VULMON	id:	CVE-2023-22283	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2023-003167	date:	2023-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202302-099	date:	2023-02-01T00:00:00
db:	NVD	id:	CVE-2023-22283	date:	2023-02-01T18:15:10.727