CVE-2023-22372

CWE-9244 documents4 sources
Severity
5.9MEDIUM
EPSS
0.3%
top 48.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Edge ClientF5 Big-ip Access Policy Manager
Timeline
PublishedMay 3
Latest updateJul 6

Description

In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5f5/big-ip_edge_client7.2.27.2.4.1
NVDf5/big-ip_access_policy_manager7.2.27.2.4.1+5

🔴Vulnerability Details

2
GHSA
GHSA-hffh-jrv7-cqxq: In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS2023-07-06
CVEList
BIG-IP Edge Client for Windows and Mac OS vulnerability2023-05-03

📋Vendor Advisories

1
F5
CVE-2023-22372: In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client ...2023-05-03
CVE-2023-22372 (MEDIUM CVSS 5.9) | In the pre connection stage | cvebase.io