CVE-2021-23022
📋 TL;DR
This vulnerability involves weak file and folder permissions in the temporary folder of the BIG-IP Edge Client Windows Installer Service, allowing attackers to potentially write or modify files. It affects BIG-IP Edge Client versions 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, specifically on Windows systems where the service is installed.
💻 Affected Systems
- F5 BIG-IP Edge Client
⚠️ Risk & Real-World Impact
Worst Case
An attacker could exploit this to escalate privileges, execute arbitrary code, or install malware on the affected Windows system, leading to full compromise.
Likely Case
In real-world scenarios, attackers might use this to gain unauthorized access or persistence on the system, potentially leading to data theft or further network infiltration.
If Mitigated
With proper controls such as strict file permissions and monitoring, the impact is minimal because attackers have little ability to exploit the vulnerability.
🎯 Exploit Status
Exploitation likely requires local access to the system and knowledge of the weak permissions, but no public proof-of-concept has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Upgrade to version 7.2.1.3 or 7.1.9.9 Update 1 or later
Vendor Advisory: https://support.f5.com/csp/article/K08503505
Restart Required: Yes
Instructions:
1. Download the updated version from the F5 support site.
2. Run the installer on the affected Windows system.
3. Follow on-screen prompts to complete the installation.
4. Restart the system to apply changes.
🔧 Temporary Workarounds
Adjust File Permissions
Windows: Manually set stricter permissions on the temporary folder used by the BIG-IP Edge Client Windows Installer Service to prevent unauthorized access.
icacls "C:\Path\To\Temp\Folder" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" /deny "Users:(OI)(CI)(W)"
🧯 If You Can't Patch
- Monitor the temporary folder for unauthorized file modifications or access attempts.
- Restrict user permissions on the affected system to limit potential exploitation vectors.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of BIG-IP Edge Client via the Windows Control Panel or by running 'bigipedgeclient --version' in command prompt, and compare with affected versions.
Check Version:
bigipedgeclient --version
Verify Fix Applied:
After patching, verify the version is 7.2.1.3 or 7.1.9.9 Update 1 or later, and check that file permissions on the temporary folder are properly restricted.
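One way to carry out the permission check described above, as an added PowerShell example that is not from F5 or the original page: it lists Allow ACEs that give write-capable rights on the folder to any principal other than SYSTEM and Administrators. The folder path is a placeholder, since the page does not name the real temporary folder.

```powershell
param(
    # Placeholder path: the page does not name the real temporary folder.
    [string]$Path = 'C:\Path\To\Temp\Folder'
)

# Principals the icacls workaround on this page leaves with full control.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Specific rights that allow creating, changing or replacing content.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# ACEs can also carry raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$genericBits = 0x40000000 -bor 0x10000000
$mask = [int]$writeRights -bor $genericBits

# Ask for rules keyed by SID so the check does not depend on localized names.
$sidType = [System.Security.Principal.SecurityIdentifier]
$acl = Get-Acl -LiteralPath $Path

$findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Value
    if ($trustedSids -contains $sid) { continue }
    if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

    # Resolve the SID to a name for readability; keep the SID if that fails.
    try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid }

    [pscustomobject]@{
        Principal = $name
        Sid       = $sid
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
        Flags     = $ace.InheritanceFlags
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Write-capable ACEs for non-administrative principals on $Path"
} else {
    Write-Output "No write-capable ACEs outside SYSTEM/Administrators on $Path"
}
```

Inherited entries are included, so a finding marked `Inherited = True` points at the parent folder's ACL rather than at an explicit grant on the folder itself.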
📡 Detection & Monitoring
Log Indicators:
- Unusual file creation or modification events in the temporary folder logs, or security alerts related to permission changes.
Network Indicators:
- No specific network indicators, as this is a local vulnerability.
SIEM Query:
Example: EventID 4663 or 4656 in Windows Security logs with target path containing the BIG-IP Edge Client temporary folder.