A DLL hijacking and privilege escalation vulnerability exists in the BIG-IP Edge Client Windows Installer. (CVE-2022-28714)
This issue was discovered by CodeGreen Systems Security Analyst and Principal Consultant Raeez Abdulla during a penetration testing engagement with one of our BFSI customers. It is being disclosed in accordance with industry best-practice vulnerability disclosure policy and was reported to the F5 Security Incident Response Team on 4th Nov 2021.
F5 Product Development has assigned ID 1067993 (BIG-IP) to this vulnerability. This issue has been classified as CWE-427: Uncontrolled Search Path Element.
Further details of this vulnerability and the vendor's acknowledgement of CodeGreen are available at:
https://support.f5.com/csp/article/K54460845
For the MITRE CVE reference, please refer to:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28714
Exploitation of CVE-2022-28714 (FIXED on 4th May 2022)
When the VPN application is downloaded and installed from the web portal, the first connection after running the installer requires admin privileges to set up the driver, tunnel, etc. During this process, it tries to load DLLs from directories where low-privileged users have write access. This makes it vulnerable to hijacking: an attacker can place a crafted DLL in such a directory to hijack execution and elevate privileges.
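A defender can check for the precondition described above, a directory that broad low-privileged groups can write to, with an ACL audit. This is an added example, not code from CodeGreen or F5. The page does not name the directories the installer searches, so the function name `Get-LowPrivWritableDirectory` and the default of the machine-wide PATH are assumptions; pass the directories you care about with `-Directory`.

```powershell
# Added example: list directories where a low-privileged group may create files.
# Assumption: the caller supplies the directories; the machine PATH is only a default.
function Get-LowPrivWritableDirectory {
    param(
        [string[]]$Directory = ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
    )

    # Well-known SIDs of broad, non-administrative groups.
    $lowPriv = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-4'      = 'INTERACTIVE'
    }
    # Bits that permit adding a file to a directory:
    # WriteData/CreateFiles (0x2), GENERIC_WRITE, GENERIC_ALL.
    $writeBits = 0x2 -bor 0x40000000 -bor 0x10000000
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($dir in ($Directory | Where-Object { $_ } | Select-Object -Unique)) {
        $path = [Environment]::ExpandEnvironmentVariables($dir.Trim('" '))
        if (-not (Test-Path -LiteralPath $path -PathType Container)) { continue }

        # Ask for SIDs directly so localized or unresolvable account names do not matter.
        $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to this directory.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            $sid = $ace.IdentityReference.Value
            if ($lowPriv.ContainsKey($sid) -and
                (([int]$ace.FileSystemRights -band $writeBits) -ne 0)) {
                [pscustomobject]@{
                    Directory = $path
                    Identity  = $lowPriv[$sid]
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

# Report findings for the machine-wide PATH; pass -Directory to check other locations.
Get-LowPrivWritableDirectory | Format-Table -AutoSize
```

Each row is a lead to review rather than a verdict, because Deny entries and membership of other groups are not evaluated.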
Vulnerability Impact
An attacker who already has a foothold in the system can use this vulnerability for persistence and privilege escalation.
Affected Platform(s)
BIG-IP APM Edge Clients.
Remediating CVE-2022-28714
The client-side fix is now available for download from the vendor link provided above.
Would you like to know more?
Contact us at https://www.codegreen.ae/company/support
Disclosure Timeline
Tuesday, 23 Nov 2021
Issue discovered by Raeez Abdulla of CodeGreen Systems
Wednesday, 24 Nov 2021
Initial disclosure to F5-SIRT via Email
Thursday, 23 Dec 2021
F5 PD assigns Bug ID: Bug 1067993
Wednesday, 04 May 2022
Client- and server-side fix released by F5
Thursday, 05 May 2022
Details on CVE-2022-28714 published