Blog Post:

CodeGreen Discovers 2nd Zero Day Vulnerability in F5: Privilege Escalation (CVE-2022-28714) Disclosure

Zero Day
May 2022

CodeGreen Discovers 2nd Zero Day Vulnerability in F5: Privilege Escalation (CVE-2022-28714) Disclosure

Wednesday, May 11, 2022

A DLL hijacking and  privilege escalation vulnerability exists in the BIG-IP Edge Client Windows Installer. (CVE-2022-28714)

This issue was discovered by CodeGreen Systems Security Analyst and Principal Consultant Raeez Abdulla during a penetration testing engagement with one of our BFSI customers. It is being disclosed in accordance with industry best practices vulnerability disclosure policy and was notified to the F5 Security Incident Response Team on 4th Nov 2021.

F5 Product Development has assigned ID 1067993 (BIG-IP) to this vulnerability. This issue has been classified as CWE-427: Uncontrolled Search Path Element.

Further details of this vulnerability and Vendor acknowledgement to CodeGreen.

For details on CVE MITRE Reference, please refer to

Exploitation of CVE-2022-28714 (FIXED on 4th May 2022)

When a VPN application is downloaded and installed from the web portal, after running the installer for the first time, connection requires admin privileges to set up the driver, tunnel etc. During this process, it tries to load DLLs from directories where low privileged users have write access. This is vulnerable to highjacking. A crafted DLL can be placed by an attacker to hijack the execution for elevating the privilege.

Vulnerability Impact

The attacker who already has a foothold in the system, this vulnerability can be used for persistence and privilege escalation.

Affected Platform(s)

Big-IP APM Edge Clients.

Remediating CVE-2022-28714

The client-side fix is now available for download from the vendor link provided above.

Would like to know more?

Contact us at

Disclosure Timeline

Tuesday , 23 Nov 2021

Issue discovered by Raeez Abdulla of CodeGreen Systems

Wednesday, 24 Nov 2021

Initial disclosure to F5-SIRT via Email

Thursday, 23 Dec, 2021

F5 PD assigns Bug ID: Bug 1067993

Wednesday, 04 May 2022

Client and Server side fix is released by F5

Thursday, 05 May 2022

Details on CVE-2022-28714 published

Posted on:

Wednesday, May 11, 2022


Zero Day


Read other latest posts

The Blog