Lucene search

[email protected]CVE-2023-36858

HistoryAug 02, 2023 - 4:15 p.m.

CVE-2023-36858

2023-08-0216:15:10

CWE-345

[email protected]

web.nvd.nist.gov

cve-2023-36858

insufficient verification

data vulnerability

big-ip edge client

windows

macos

server list

attack vector

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

NVD

Node

applemacosMatch-

microsoftwindowsMatch-

AND

f5access_policy_manager_clientsRange7.2.3–7.2.4.3

f5big-ip_access_policy_managerRange13.1.0–13.1.5

f5big-ip_access_policy_managerRange14.1.0–14.1.5

f5big-ip_access_policy_managerRange15.1.0–15.1.9

f5big-ip_access_policy_managerRange16.1.0–16.1.3

f5big-ip_access_policy_managerRange17.0.0–17.1.0

CPENameOperatorVersion
f5:access_policy_manager_clientsf5 access policy manager clientslt7.2.4.3
f5:big-ip_access_policy_managerf5 big-ip access policy managerle13.1.5
f5:big-ip_access_policy_managerf5 big-ip access policy managerle14.1.5
f5:big-ip_access_policy_managerf5 big-ip access policy managerle15.1.9
f5:big-ip_access_policy_managerf5 big-ip access policy managerle16.1.3
f5:big-ip_access_policy_managerf5 big-ip access policy managerle17.1.0

CPE	Name	Operator	Version
f5:access_policy_manager_clients	f5 access policy manager clients	lt	7.2.4.3
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	13.1.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	14.1.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	15.1.9
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	16.1.3
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	17.1.0

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows",
      "MacOS"
    ],
    "product": "BIG-IP Edge Client",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "7.2.4.3",
        "status": "affected",
        "version": "7.2.3",
        "versionType": "semver"
      }
    ]
  }
]