CVE-2023-22372: Medium Vulnerability in F5 BIG-IP Access Policy Manager

CVE-2023-22372 is a medium severity vulnerability in F5's BIG-IP Access Policy Manager affecting Windows and Mac OS. Organizations should prioritize patching to mitigate potential integrity risks.

MEDIUM · CVSS 5.9 · Published May 3, 2023

CVE-2023-22372 is a medium severity vulnerability with a CVSS score of 5.9. The flaw is improper enforcement of message integrity in the pre-connection stage of the BIG-IP Edge Client for Windows and Mac OS. Exploitation can result in a high integrity impact, which organizations must address promptly to mitigate risks.

The vulnerability was published on May 3, 2023, and is classified under the CWE identifier CWE-924. It is important to note that versions of the software that have reached End of Technical Support (EoTS) were not evaluated in this context, which may affect the overall risk assessment for organizations still using these outdated versions.

No known exploits or proof of concept have been confirmed for CVE-2023-22372. However, organizations should remain vigilant: vulnerabilities involving message integrity can be leveraged by attackers to manipulate data or bypass security controls, which emphasizes the need for immediate remediation.

Organizations should prioritize patching immediately due to the potential integrity risks associated with this vulnerability, especially in environments where BIG-IP Access Policy Manager is deployed.

Vulnerability Details

CVE-2023-22372 is a vulnerability in the F5 BIG-IP Access Policy Manager, specifically affecting the BIG-IP Edge Client for Windows and Mac OS. The improper enforcement of message integrity during the pre-connection stage is the core issue. This has been rated with a CVSS score of 5.9, indicating a medium severity level.

The vulnerability arises from the configuration settings within the affected software versions, allowing high integrity impact without requiring any privileges or user interaction. The attack vector is categorized as network-based, with a high attack complexity.

This vulnerability affects several versions of the BIG-IP Access Policy Manager. Affected versions include 7.2.2 to 7.2.4.1, 13.1.0 to 13.1.5, 14.1.0 to 14.1.5, 15.1.0 to 15.1.8, 16.1.0 to 16.1.3, and 17.0.0 to 17.1.0.

Technical Analysis

The root cause of CVE-2023-22372 is linked to improper enforcement of message integrity. This vulnerability could allow attackers to manipulate the integrity of messages, potentially leading to unauthorized access or actions within the system.

The attack vector is primarily network-based, which means that an attacker can exploit this vulnerability remotely, without needing physical access to the system. Due to the high complexity of the attack, successful exploitation may require specific conditions or knowledge about the system's configuration.

No privileges are required for exploitation, and no user interaction is necessary, making this vulnerability particularly concerning. The integrity impact is rated as high, indicating that successful exploitation could allow significant alterations to data or system behavior without detection.

Risk & Impact Analysis

Risk to organizations includes potential manipulation of sensitive data and unauthorized actions within the affected systems. The integrity impact can lead to severe consequences, including data loss or corruption and the undermining of trust in the system's operations.

With a CVSS score of 5.9, organizations should address this vulnerability in their priority patch cycle. The urgency is moderated by the lack of known exploits and the high attack complexity; however, the potential impact remains significant.

Organizations using the affected versions of the BIG-IP Access Policy Manager should ensure that they are up to date with the latest patches and security updates to mitigate this vulnerability. The blast radius for this issue could extend to any system interacting with the BIG-IP Edge Client, amplifying the need for swift remediation.

Exploitation Status

Signal | Status
Known Exploit | No
Public PoC | No
Actively Exploited | No
Ransomware Use | No

Affected Versions

The affected versions of the F5 BIG-IP Access Policy Manager are:

• 7.2.2 to 7.2.4.1

• 13.1.0 to 13.1.5

• 14.1.0 to 14.1.5

• 15.1.0 to 15.1.8

• 16.1.0 to 16.1.3

• 17.0.0 to 17.1.0
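
A version check built from the ranges listed above, as an added example (not code from F5 or AppSecure). It assumes each range is inclusive at both ends, and the hostnames and versions in the sample inventory are constructed. Because this page names no fixed versions, a point release beyond a listed upper bound is marked for review against the vendor advisory.

```python
import re

# Inclusive ranges exactly as listed on this page (assumed inclusive at both ends).
AFFECTED_RANGES = [
    ("7.2.2", "7.2.4.1"), ("13.1.0", "13.1.5"), ("14.1.0", "14.1.5"),
    ("15.1.0", "15.1.8"), ("16.1.0", "16.1.3"), ("17.0.0", "17.1.0"),
]

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple; build suffixes are ignored."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def compare(a, b):
    """Compare two version tuples, padding the shorter with zeros (7.2.4 == 7.2.4.0)."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

def classify(version):
    """Return 'affected', 'review' or 'not-listed' for one version string."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        lo, hi = parse_version(low), parse_version(high)
        if compare(lo, v) <= 0 and compare(v, hi) <= 0:
            return "affected"
        # A point release past a listed upper bound (e.g. 16.1.3.2) is not in the
        # range, but the page gives no fixed version, so it needs a manual check.
        if len(v) > len(hi) and v[:len(hi)] == hi:
            return "review"
    return "not-listed"  # includes EoTS releases, which were not evaluated

def triage(inventory):
    """Map each host in {host: version} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "vpn-gw-01": "16.1.3", "vpn-gw-02": "16.1.3.2", "vpn-gw-03": "17.1.1",
    "laptop-client": "7.2.4.1", "legacy-gw": "12.1.6",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {SAMPLE_INVENTORY[host]:10} {status}")
```

A result of "not-listed" means only that the version falls outside the ranges on this page; it does not mean the release is fixed.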

Mitigation & Remediation

To mitigate this vulnerability, organizations should ensure they are running the latest versions of the BIG-IP Access Policy Manager. Patching to the most recent version available is critical.

If a patch is not immediately available, organizations should consider implementing workarounds, such as restricting access to the affected components or employing additional network security measures to limit exposure.

Additionally, configuration hardening should be reviewed to ensure that message integrity is enforced throughout the network. Regular monitoring and security assessments are recommended to detect any anomalies.

Detection Guidance

Organizations should monitor logs for any unusual activities related to message integrity and access policies. Behavioral anomalies in the access management system can be indicative of attempts to exploit this vulnerability.

Network signatures should be established to detect malicious attempts to manipulate message integrity. System changes should also be closely monitored to identify unauthorized modifications.

AppSecure Threat Intelligence Insight

CVE-2023-22372 highlights the critical need for organizations to maintain current security practices and continuously evaluate their systems for vulnerabilities. It underscores the importance of message integrity in maintaining the overall security posture.

Security teams should take this opportunity to reassess their vulnerability management programs to ensure they are equipped to address similar risks in the future. Emphasizing proactive measures such as regular patching, proper configuration, and continuous security assessments can significantly reduce exposure.

Organizations can further strengthen their security stance by implementing vulnerability management programs and enhancing their incident response strategies.

Finally, organizations should consider investing in penetration testing methodologies to better understand their vulnerabilities and improve their security frameworks.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
