CVE-2023-36858
📋 TL;DR
This vulnerability allows attackers to modify the configured server list in BIG-IP Edge Client for Windows and macOS, potentially redirecting client connections to malicious servers. It affects BIG-IP Edge Client users on Windows and macOS platforms. Software versions that have reached End of Technical Support are not evaluated.
💻 Affected Systems
- BIG-IP Edge Client
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect all client traffic to malicious servers, enabling man-in-the-middle attacks, credential theft, and complete compromise of client communications.
Likely Case
Targeted attacks redirecting specific users to phishing or credential harvesting sites, potentially leading to credential theft and unauthorized access.
If Mitigated
With proper network segmentation and monitoring, impact is limited to potential redirection attempts that can be detected and blocked.
🎯 Exploit Status
Requires the attacker to modify the client configuration, likely through social engineering or local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to F5 advisory K000132563 for patched versions
Vendor Advisory: https://my.f5.com/manage/s/article/K000132563
Restart Required: Yes
Instructions:
1. Review F5 advisory K000132563
2. Identify affected BIG-IP Edge Client versions
3. Upgrade to patched version from F5 downloads
4. Restart affected systems after upgrade
🔧 Temporary Workarounds
Restrict Configuration Access
All platforms: Limit access to Edge Client configuration files and settings to prevent unauthorized modifications.
Monitor Server List Changes
All platforms: Implement monitoring for changes to Edge Client server configurations.
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized configuration changes
- Monitor network traffic for unexpected server connections and investigate anomalies
🔍 How to Verify
Check if Vulnerable:
Check BIG-IP Edge Client version against F5 advisory K000132563 for affected versions
Check Version:
Check Edge Client 'About' section or consult F5 documentation for version checking
Verify Fix Applied:
Verify that BIG-IP Edge Client has been updated to a version listed as patched in the F5 advisory
📡 Detection & Monitoring
Log Indicators:
- Unexpected modifications to Edge Client configuration files
- Changes to server list configuration
Network Indicators:
- Connections to unexpected or unauthorized VPN/access servers
- Anomalous network traffic patterns from Edge Client
SIEM Query:
Search for events related to Edge Client configuration changes or unexpected server connections