Lucene search

[email protected]NVD:CVE-2023-40537

HistoryOct 10, 2023 - 1:15 p.m.

CVE-2023-40537

2023-10-1013:15:20

CWE-613

[email protected]

web.nvd.nist.gov

authenticated user

session cookie

logging out

big-ip configuration

viprion platform

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

An authenticated user’s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerRange13.1.0–14.1.5

f5big-ip_access_policy_managerRange15.1.0–15.1.9

f5big-ip_access_policy_managerRange16.1.0–16.1.4

Node

f5big-ip_advanced_firewall_managerRange13.1.0–14.1.5

f5big-ip_advanced_firewall_managerRange15.1.0–15.1.9

f5big-ip_advanced_firewall_managerRange16.1.0–16.1.4

Node

f5big-ip_application_security_managerRange13.1.0–14.1.5

f5big-ip_application_security_managerRange15.1.0–15.1.9

f5big-ip_application_security_managerRange16.1.0–16.1.4

Node

f5big-ip_domain_name_systemRange13.1.0–14.1.5

f5big-ip_domain_name_systemRange15.1.0–15.1.9

f5big-ip_domain_name_systemRange16.1.0–16.1.4

Node

f5big-ip_local_traffic_managerRange13.1.0–14.1.5

f5big-ip_local_traffic_managerRange15.1.0–15.1.9

f5big-ip_local_traffic_managerRange16.1.0–16.1.4

Node

f5big-ip_advanced_web_application_firewallRange13.1.0–14.1.5

f5big-ip_advanced_web_application_firewallRange15.1.0–15.1.9

f5big-ip_advanced_web_application_firewallRange16.1.0–16.1.4

Node

f5big-ip_analyticsRange13.1.0–14.1.5

f5big-ip_analyticsRange15.1.0–15.1.9

f5big-ip_analyticsRange16.1.0–16.1.4

Node

f5big-ip_application_acceleration_managerRange13.1.0–14.1.5

f5big-ip_application_acceleration_managerRange15.1.0–15.1.9

f5big-ip_application_acceleration_managerRange16.1.0–16.1.4

Node

f5big-ip_application_visibility_and_reportingRange13.1.0–14.1.5

f5big-ip_application_visibility_and_reportingRange15.1.0–15.1.9

f5big-ip_application_visibility_and_reportingRange16.1.0–16.1.4

Node

f5big-ip_carrier-grade_natRange13.1.0–14.1.5

f5big-ip_carrier-grade_natRange15.1.0–15.1.9

f5big-ip_carrier-grade_natRange16.1.0–16.1.4

Node

f5big-ip_ddos_hybrid_defenderRange13.1.0–14.1.5

f5big-ip_ddos_hybrid_defenderRange15.1.0–15.1.9

f5big-ip_ddos_hybrid_defenderRange16.1.0–16.1.4

Node

f5big-ip_fraud_protection_serviceRange13.1.0–14.1.5

f5big-ip_fraud_protection_serviceRange15.1.0–15.1.9

f5big-ip_fraud_protection_serviceRange16.1.0–16.1.4

Node

f5big-ip_global_traffic_managerRange13.1.0–14.1.5

f5big-ip_global_traffic_managerRange15.1.0–15.1.9

f5big-ip_global_traffic_managerRange16.1.0–16.1.4

Node

f5big-ip_link_controllerRange13.1.0–14.1.5

f5big-ip_link_controllerRange15.1.0–15.1.9

f5big-ip_link_controllerRange16.1.0–16.1.4

Node

f5big-ip_policy_enforcement_managerRange13.1.0–14.1.5

f5big-ip_policy_enforcement_managerRange15.1.0–15.1.9

f5big-ip_policy_enforcement_managerRange16.1.0–16.1.4

Node

f5big-ip_ssl_orchestratorRange13.1.0–14.1.5

f5big-ip_ssl_orchestratorRange15.1.0–15.1.9

f5big-ip_ssl_orchestratorRange16.1.0–16.1.4

Node

f5big-ip_webacceleratorRange13.1.0–14.1.5

f5big-ip_webacceleratorRange15.1.0–15.1.9

f5big-ip_webacceleratorRange16.1.0–16.1.4

Node

f5big-ip_websafeRange13.1.0–14.1.5

f5big-ip_websafeRange15.1.0–15.1.9

f5big-ip_websafeRange16.1.0–16.1.4

References

my.f5.com/manage/s/article/K29141800

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for NVD:CVE-2023-40537

cve1 cvelist1 nessus1 prion1 cnvd1 f52