CVE-2023-36858: 
F5 BIG-IP Virtual Edition vulnerability analysis and mitigation

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS (CVE-2023-36858) that may allow an attacker to modify its configured server list. The vulnerability affects BIG-IP Access Policy Manager (APM) clients versions 7.2.3 up to 7.2.4.3 and BIG-IP APM versions 13.1.0-13.1.5, 14.1.0-14.1.5, 15.1.0-15.1.9, 16.1.0-16.1.3, and 17.0.0-17.1.0 (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 5.5 (Medium) by NIST with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, while F5 Networks assessed it with a score of 7.1 (High) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. The vulnerability is categorized under CWE-345 (Insufficient Verification of Data Authenticity) (NVD).

If exploited, this vulnerability allows an attacker to modify the configured server list in BIG-IP Edge Client installations. This could potentially lead to unauthorized changes in server configurations and affect the integrity of the system (NVD).

Users should upgrade to the latest version of the software that addresses this vulnerability. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated (NVD, F5 Advisory).