CVE-2022-28714 is a DLL hijacking vulnerability affecting F5 BIG-IP APM and BIG-IP APM Clients, with a CVSS base score of 7.3.
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Understanding CVE-2022-28714
This CVE affects F5 products such as BIG-IP APM and BIG-IP APM Clients due to a DLL hijacking vulnerability.
What is CVE-2022-28714?
CVE-2022-28714 involves a DLL hijacking vulnerability in the BIG-IP Edge Client Windows Installer on specific versions of BIG-IP APM and BIG-IP APM Clients.
The Impact of CVE-2022-28714
The vulnerability has been rated with a CVSS base score of 7.3, indicating a high severity level, with impacts on confidentiality, integrity, and availability.
Technical Details of CVE-2022-28714
Below are the technical details related to the CVE:
Vulnerability Description
The vulnerability involves DLL hijacking in the BIG-IP Edge Client Windows Installer.
Affected Systems and Versions
Exploitation Mechanism
Exploitation requires low privileges and user interaction.
Mitigation and Prevention
To address CVE-2022-28714, consider the following steps:
Immediate Steps to Take
Update to a fixed version provided by F5. Follow security best practices.
Long-Term Security Practices
Regularly check for security advisories from F5 and apply patches promptly.
Patching and Updates
Ensure that all affected systems are updated with the latest security patches from F5.
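One way to check an inventory against the affected ranges stated at the top of this page, as an added example (not F5's code). The product keys "apm" and "apm-client", the host names and the sample versions are constructed for illustration.

```python
# Added example: classify versions against the ranges stated on this page.
# Product keys ("apm", "apm-client") and the sample inventory are constructed.

# Branch prefix -> first fixed version. None: every version of the branch is affected.
FIXED = {
    "apm": {
        (16, 1): (16, 1, 2, 2),
        (15, 1): (15, 1, 5, 1),
        (14, 1): (14, 1, 4, 6),
        (13, 1): (13, 1, 5),
        (12, 1): None,
        (11, 6): None,
    },
    "apm-client": {(7,): (7, 2, 1, 5)},
}


def parse_version(text):
    """Turn '16.1.2.1' into (16, 1, 2, 1); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def pad(version, width=4):
    """Right-pad with zeros so 13.1.5 and 13.1.5.0 compare as equal."""
    return version + (0,) * (width - len(version))


def classify(product, version_text):
    version = parse_version(version_text)
    for branch, fixed in FIXED[product].items():
        if version[:len(branch)] != branch:
            continue
        if fixed is None:
            return "affected, no fixed release in this branch"
        if pad(version) < pad(fixed):
            return "affected, update to %s or later" % ".".join(map(str, fixed))
        return "fixed"
    # Branches the page does not name (including EoTS releases) were not evaluated.
    return "branch not listed"


INVENTORY = [  # constructed sample data
    ("vpn-gw-1", "apm", "16.1.2.1"),
    ("vpn-gw-2", "apm", "13.1.5"),
    ("vpn-gw-3", "apm", "12.1.6"),
    ("laptop-17", "apm-client", "7.2.1.4"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, product, version, "->", classify(product, version))
```

A "branch not listed" result means the page gives no range for that branch, not that the version is unaffected.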