The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, is related to incorrect session duration settings. This allows attackers to gain unauthorized access to protected information.

🗓️ 25 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Vulnerabilities in session duration settings across multiple components allow remote attackers to gain unauthorized access to protected information.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-40537	10 Oct 202316:16	–	circl
CNNVD	F5 BIG-IP 代码问题漏洞	10 Oct 202300:00	–	cnnvd
CNVD	F5 Insufficient BIG-IP Session Expiration Vulnerability	11 Oct 202300:00	–	cnvd
CVE	CVE-2023-40537	10 Oct 202312:32	–	cve
Cvelist	CVE-2023-40537 Multi-blade VIPRION Configuration utility session cookie vulnerability	10 Oct 202312:32	–	cvelist
EUVD	EUVD-2023-45108	3 Oct 202520:07	–	euvd
F5 Networks	K000137053: Overview of F5 vulnerabilities (October 2023)	10 Oct 202312:02	–	f5
F5 Networks	K29141800: Multi-blade VIPRION Configuration utility session cookie vulnerability CVE-2023-40537	10 Oct 202310:28	–	f5
Tenable Nessus	F5 Networks BIG-IP : Multi-blade VIPRION Configuration utility session cookie vulnerability (K29141800)	2 Nov 202300:00	–	nessus
NCSC	Vulnerabilities fixed in F5 BIG-IP	10 Oct 202300:00	–	ncsc

Vulners

Node

f5_networks,big-ip_advanced_firewall_managerRange15.1.0–15.1.9

OR

f5_networks,big-ip_advanced_firewall_managerRange16.1.0–16.1.4

OR

f5_networks,big-ip_advanced_web_application_firewallRange15.1.0–15.1.9

OR

f5_networks,big-ip_advanced_web_application_firewallRange16.1.0–16.1.4

OR

f5_networks,big-ip_analyticsRange15.1.0–15.1.9

OR

f5_networks,big-ip_analyticsRange16.1.0–16.1.4

OR

f5_networks,big-ip_application_acceleration_managerRange15.1.0–15.1.9

OR

f5_networks,big-ip_application_acceleration_managerRange16.1.0–16.1.4

OR

f5_networks,big-ip_application_security_managerRange15.1.0–15.1.9

OR

f5_networks,big-ip_application_security_managerRange16.1.0–16.1.4

OR

f5_networks,big-ip_application_visibility_and_reporting_(avr)Range15.1.0–15.1.9

OR

f5_networks,big-ip_application_visibility_and_reporting_(avr)Range16.1.0–16.1.4

OR

f5_networks,big-ip_carrier-grade_nat_(cgnat)Range15.1.0–15.1.9

OR

f5_networks,big-ip_carrier-grade_nat_(cgnat)Range16.1.0–16.1.4

OR

f5_networks,big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9

OR

f5_networks,big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4

OR

f5_networks,big-ip_domain_name_systemRange15.1.0–15.1.9

OR

f5_networks,big-ip_domain_name_systemRange16.1.0–16.1.4

OR

f5_networks,big-ip_fraud_protection_serviceRange15.1.0–15.1.9

OR

f5_networks,big-ip_fraud_protection_serviceRange16.1.0–16.1.4

OR

f5_networks,big-ip_global_traffic_managerRange15.1.0–15.1.9

OR

f5_networks,big-ip_global_traffic_managerRange16.1.0–16.1.4

OR

f5_networks,big-ip_link_controllerRange15.1.0–15.1.9

OR

f5_networks,big-ip_link_controllerRange16.1.0–16.1.4

OR

f5_networks,big-ip_local_traffic_managerRange15.1.0–15.1.9

OR

f5_networks,big-ip_local_traffic_managerRange16.1.0–16.1.4

OR

f5_networks,big-ip_policy_enforcement_managerRange15.1.0–15.1.9

OR

f5_networks,big-ip_policy_enforcement_managerRange16.1.0–16.1.4

OR

f5_networks,big-ip_ssl_orchestratorRange15.1.0–15.1.9

OR

f5_networks,big-ip_ssl_orchestratorRange16.1.0–16.1.4

OR

f5_networks,big-ip_webacceleratorRange15.1.0–15.1.9

OR

f5_networks,big-ip_webacceleratorRange16.1.0–16.1.4

OR

f5_networks,big-ip_websafeRange15.1.0–15.1.9

OR

f5_networks,big-ip_websafeRange16.1.0–16.1.4

OR

f5_networks,big-ip_access_policy_managerRange15.1.0–15.1.9

OR

f5_networks,big-ip_access_policy_managerRange16.1.0–16.1.4

OR

f5_networks,big-ip_access_policy_managerRange13.1.0–14.1.5

OR

f5_networks,big-ip_advanced_firewall_managerRange13.1.0–14.1.5

OR

f5_networks,big-ip_application_security_managerRange13.1.0–14.1.5

OR

f5_networks,big-ip_domain_name_systemRange13.1.0–14.1.5

OR

f5_networks,big-ip_local_traffic_managerRange13.1.0–14.1.5

OR

f5_networks,big-ip_advanced_web_application_firewallRange13.1.0–14.1.5

OR

f5_networks,big-ip_analyticsRange13.1.0–14.1.5

OR

f5_networks,big-ip_application_acceleration_managerRange13.1.0–14.1.5

OR

f5_networks,big-ip_application_visibility_and_reporting_(avr)Range13.1.0–14.1.5

OR

f5_networks,big-ip_carrier-grade_nat_(cgnat)Range13.1.0–14.1.5

OR

f5_networks,big-ip_ddos_hybrid_defenderRange13.1.0–14.1.5

OR

f5_networks,big-ip_fraud_protection_serviceRange13.1.0–14.1.5

OR

f5_networks,big-ip_global_traffic_managerRange13.1.0–14.1.5

OR

f5_networks,big-ip_link_controllerRange13.1.0–14.1.5

OR

f5_networks,big-ip_policy_enforcement_managerRange13.1.0–14.1.5

OR

f5_networks,big-ip_ssl_orchestratorRange13.1.0–14.1.5

OR

f5_networks,big-ip_webacceleratorRange13.1.0–14.1.5

OR

f5_networks,big-ip_websafeRange13.1.0–14.1.5

Source	Link
my	www.my.f5.com/manage/s/article/K29141800
vuldb	www.vuldb.com/ru/
cve	www.cve.org/CVERecord
web	www.web.nvd.nist.gov/view/vuln/detail

25 Oct 2023 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 27.6

CVSS 38.1

EPSS0.00361

session duration bug remote attacker unauthorized access access policy manager advanced firewall manager web application firewall web analytics application security manager domain name system global traffic manager policy enforcement manager ssl orchestrator web accelerator web safe local traffic manager ddos defender