CVE-2023-36858

CWE-3454 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 78.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
F5 Big-ip Edge ClientF5 Access Policy Manager ClientsF5 Big-ip Access Policy Manager
Timeline
PublishedAug 2

Description

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

CVEListV5f5/big-ip_edge_client7.2.37.2.4.3
NVDf5/access_policy_manager_clients7.2.37.2.4.3
NVDf5/big-ip_access_policy_manager13.1.013.1.5+4

🔴Vulnerability Details

2
GHSA
GHSA-x8v9-642f-j4vc: An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configu2023-08-02
CVEList
BIG-IP Edge Client for Windows and macOS vulnerability2023-08-02

📋Vendor Advisories

1
F5
CVE-2023-36858: An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow ...2023-08-02
CVE-2023-36858 (MEDIUM CVSS 5.5) | An insufficient verification of dat | cvebase.io