What is CVE-2021-23023?

A high-severity DLL hijacking vulnerability exists in F5 BIG-IP Access Policy Manager affecting multiple versions. Organizations should prioritize patching to mitigate potential risks associated with this vulnerability.

What is the severity of CVE-2021-23023?

CVE-2021-23023 has a severity rating of HIGH with a CVSS base score of 7.8.

CVE-2021-23023 | High Vulnerability in F5 BIG-IP Access Policy Manager

On June 10, 2021, a high-severity vulnerability identified as CVE-2021-23023 was published, affecting F5's BIG-IP Access Policy Manager. This vulnerability allows DLL hijacking through the cachecleaner.dll component, included in the Windows Installer for BIG-IP Edge Client. The severity is rated high with a CVSS score of 7.8, indicating significant risk to organizations. The affected versions are 7.2.1.x prior to 7.2.1.3 and 7.1.x prior to 7.1.9.9 Update 1.

Risk to organizations includes potential unauthorized access and exploitation of the affected systems. Attackers may leverage this vulnerability to execute arbitrary code by placing malicious DLL files in specific directories. The attack vector is local, and while user interaction is required, the attack complexity is low.

Organizations should prioritize patching immediately to address this vulnerability, as the risk of exploitation can lead to severe consequences, including loss of data integrity and availability.

Given the nature of the vulnerability and its implications, it is crucial for security teams to conduct thorough assessments and implement necessary mitigations.

Vulnerability Details

The official CVE description states: 'On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.'

The vulnerability is classified under CWE-427, indicating it relates to DLL hijacking. The CVSS score of 7.8 categorizes it as high severity, reflecting the potential impact on confidentiality, integrity, and availability.

Technical Analysis

The root cause of CVE-2021-23023 is the improper management of DLL files within the BIG-IP Edge Client installation process. This vulnerability can be exploited locally, requiring an attacker to have access to the system. The complexity of the attack is low, meaning that attackers with minimal expertise can exploit it.

Privileges required for exploitation are none, and user interaction is necessary to trigger the vulnerability. The potential impacts are significant, with high confidentiality, integrity, and availability impacts.

Risk & Impact Analysis

The real-world deployment of this vulnerability poses a significant risk to organizations using affected versions of F5's BIG-IP Access Policy Manager. Exploitation could lead to unauthorized system access, data breaches, and potential disruptions to business operations. The blast radius could extend to sensitive data and critical infrastructure, emphasizing the urgency of addressing this vulnerability.

Organizations should assess their current deployment of F5 products, particularly those not updated to the latest versions, and prioritize remediation based on the CVSS score and the potential impact.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected products include F5's BIG-IP Access Policy Manager versions 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1. Organizations should treat all versions prior to vendor patch as vulnerable.

Mitigation & Remediation

Organizations should prioritize patching to mitigate this vulnerability. F5 has released updates to address this issue. Ensure systems are updated to at least version 7.2.1.3 or 7.1.9.9 Update 1. In cases where immediate patching is not possible, consider implementing network segmentation to limit exposure and monitor for unusual activity.

For further details, organizations may refer to the comprehensive resources on penetration testing to validate their security posture.

Detection Guidance

To detect potential exploitation of this vulnerability, security teams should monitor logs for indications of unauthorized DLL file modifications. Additionally, behavioral anomalies such as unexpected application crashes or errors related to cachecleaner.dll should be investigated promptly.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2021-23023 lies in its representation of broader software supply chain vulnerabilities. This incident highlights the importance of ensuring secure coding practices and rigorous testing of components in software distributions. Security teams should learn from this case to improve their application's resilience against similar threats.

Organizations are advised to regularly review their vulnerability management programs, as well as consider engaging in vulnerability management program design to proactively address such issues in the future.

Furthermore, organizations should explore penetration testing methodologies to uncover hidden vulnerabilities and enhance their security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-23023: High Vulnerability in F5 BIG-IP Access Policy Manager