When proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. (CVE-2022-23032)
Impact
DNS rebinding allows external attackers to bypass the same-origin policy. A remote unauthenticated attacker can exploit this vulnerability to exfiltrate proxy configuration details, including subdomain information and internal IP addresses.