A DLL hijacking and privilege escalation vulnerability exists in the BIG-IP Edge Client Windows Installer. (CVE-2022-28714)
This issue was discovered by CodeGreen Systems Security Analyst and Principal Consultant Raeez Abdulla during a penetration testing engagement with one of our BFSI customers. It is being disclosed in accordance with industry best-practice vulnerability disclosure policy, and the F5 Security Incident Response Team was notified on 4th Nov 2021.
F5 Product Development has assigned ID 1067993 (BIG-IP) to this vulnerability. This issue has been classified as CWE-427: Uncontrolled Search Path Element.
Further details of this vulnerability and Vendor acknowledgement to CodeGreen.
For details on CVE MITRE Reference, please refer to
Exploitation of CVE-2022-28714 (FIXED on 4th May 2022)
When the VPN application is downloaded from the web portal and installed, the first connection after running the installer requires admin privileges to set up the driver, tunnel, etc. During this process, it tries to load DLLs from directories where low-privileged users have write access, which makes it vulnerable to DLL hijacking. An attacker can place a crafted DLL in one of these directories to hijack execution and elevate privileges.
For an attacker who already has a foothold in the system, this vulnerability can be used for persistence and privilege escalation.
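The following detection sketch is an added example, not code from CodeGreen or F5. It joins Sysmon ProcessCreate (Event ID 1) and ImageLoad (Event ID 7) records on ProcessGuid and reports DLLs that a High or System integrity process loaded from a user-writable directory. The list of writable roots and all sample events, names and paths are constructed assumptions.

```python
import ntpath  # Windows path semantics, usable on any OS

# Assumption: roots a standard user can usually write to. Confirm against the
# real directory ACLs (for example with icacls) before relying on this list.
USER_WRITABLE_ROOTS = (r"C:\Users", r"C:\ProgramData", r"C:\Windows\Temp")
ELEVATED = {"High", "System"}

def in_user_writable_dir(path):
    p = ntpath.normcase(ntpath.normpath(path))
    return any(p.startswith(ntpath.normcase(r) + "\\") for r in USER_WRITABLE_ROOTS)

def risky_image_loads(events):
    """Join ProcessCreate (ID 1) with ImageLoad (ID 7) on ProcessGuid and
    return DLLs that elevated processes loaded from user-writable paths."""
    elevated = {e["ProcessGuid"]: e["IntegrityLevel"] for e in events
                if e["EventID"] == 1 and e["IntegrityLevel"] in ELEVATED}
    findings = []
    for e in events:
        if e["EventID"] != 7 or e["ProcessGuid"] not in elevated:
            continue
        if e["ImageLoaded"] == e["Image"]:  # the executable's own image
            continue
        if in_user_writable_dir(e["ImageLoaded"]):
            findings.append({
                "process": e["Image"],
                "dll": e["ImageLoaded"],
                "integrity": elevated[e["ProcessGuid"]],
                "validly_signed": (e["Signed"], e["SignatureStatus"]) == ("true", "Valid"),
            })
    return findings

def _load(guid, image, dll, signed, status):
    return {"EventID": 7, "ProcessGuid": guid, "Image": image,
            "ImageLoaded": dll, "Signed": signed, "SignatureStatus": status}

# Constructed sample events; names and paths are hypothetical.
SETUP = r"C:\Users\alice\Downloads\setup.exe"
APP = r"C:\Users\alice\AppData\Local\app\app.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "Image": SETUP, "IntegrityLevel": "High"},
    _load("{A}", SETUP, SETUP, "true", "Valid"),
    _load("{A}", SETUP, r"C:\Windows\System32\kernel32.dll", "true", "Valid"),
    _load("{A}", SETUP, r"C:\Users\alice\Downloads\example.dll", "false", "Unavailable"),
    {"EventID": 1, "ProcessGuid": "{B}", "Image": APP, "IntegrityLevel": "Medium"},
    _load("{B}", APP, r"C:\Users\alice\AppData\Local\app\helper.dll", "false", "Unavailable"),
]
```

Only the elevated installer's load of `example.dll` is reported; the Medium integrity process loading from its own profile directory is ignored because hijacking it would not cross a privilege boundary.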
BIG-IP APM Edge Clients.
The client-side fix is now available for download from the vendor link provided above.
Would you like to know more?
Contact us at https://www.codegreen.ae/company/support
Tuesday, 23 Nov 2021: Issue discovered by Raeez Abdulla of CodeGreen Systems
Wednesday, 24 Nov 2021: Initial disclosure to F5-SIRT via Email
Thursday, 23 Dec 2021: F5 PD assigns Bug ID: Bug 1067993
Wednesday, 04 May 2022: Client and Server side fix is released by F5
Thursday, 05 May 2022: Details on CVE-2022-28714 published