Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-40537 (GCVE-0-2023-40537)
Vulnerability from cvelistv5 – Published: 2023-10-10 12:32 – Updated: 2024-09-19 13:42
VLAI?
EPSS
Title
Multi-blade VIPRION Configuration utility session cookie vulnerability
Summary
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
8.1 (High)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
F5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K29141800"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:41:53.174039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:42:04.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"platforms": [
"Multi-blade VIPRION"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17.1.0",
"versionType": "semver"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "15.1.9",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F5"
}
],
"datePublic": "2023-10-18T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u0026nbsp;\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "\nAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T12:32:50.806Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K29141800"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multi-blade VIPRION Configuration utility session cookie vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2023-40537",
"datePublished": "2023-10-10T12:32:50.806Z",
"dateReserved": "2023-10-05T19:17:25.713Z",
"dateUpdated": "2024-09-19T13:42:04.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K29141800\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T18:38:50.347Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-40537\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-19T13:41:53.174039Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-19T13:42:00.574Z\"}}], \"cna\": {\"title\": \"Multi-blade VIPRION Configuration utility session cookie vulnerability\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"F5\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"All Modules\"], \"product\": \"BIG-IP\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"17.1.0\", \"lessThan\": \"*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"16.1.0\", \"lessThan\": \"16.1.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"15.1.0\", \"lessThan\": \"15.1.9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"14.1.0\", \"lessThan\": \"*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"13.1.0\", \"lessThan\": \"*\", \"versionType\": \"semver\"}], \"platforms\": [\"Multi-blade VIPRION\"], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2023-10-18T14:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K29141800\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\\u00a0\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u0026nbsp;\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\\n\\n\u003c/span\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"CWE-613 Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2023-10-10T12:32:50.806Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-40537\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-19T13:42:04.256Z\", \"dateReserved\": \"2023-10-05T19:17:25.713Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2023-10-10T12:32:50.806Z\", \"assignerShortName\": \"f5\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CNVD-2023-75602
Vulnerability from cnvd - Published: 2023-10-11
VLAI Severity ?
Title
F5 BIG-IP会话过期不足漏洞
Description
F5 BIG-IP是F5公司的一款集成了网络流量编排、负载均衡、智能DNS,远程接入策略管理等功能的应用交付平台。
F5 BIG-IP存在会话过期不足漏洞,攻击者可利用该漏洞在有限的时间内重用由Configuration实用程序生成的身份验证用户的会话cookie,并通过管理端口和/或自IP地址进行访问,以执行任意系统命令、创建或删除文件或禁用服务。
Severity
高
Patch Name
F5 BIG-IP会话过期不足漏洞的补丁
Patch Description
F5 BIG-IP是F5公司的一款集成了网络流量编排、负载均衡、智能DNS,远程接入策略管理等功能的应用交付平台。
F5 BIG-IP存在会话过期不足漏洞,攻击者可利用该漏洞在有限的时间内重用由Configuration实用程序生成的身份验证用户的会话cookie,并通过管理端口和/或自IP地址进行访问,以执行任意系统命令、创建或删除文件或禁用服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://my.f5.com/manage/s/article/K000137053
Reference
https://my.f5.com/manage/s/article/K000137053
Impacted products
| Name | ['F5 BIG-IP (all modules) >=13.1.0,<=13.1.5', 'F5 BIG-IP (all modules) >=16.1.0,<=16.1.3', 'F5 BIG-IP (all modules) >=14.1.0,<=14.1.5', 'F5 BIG-IP (all modules) >=15.1.0,<=15.1.8'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-40537",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-40537"
}
},
"description": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\n\nF5 BIG-IP\u5b58\u5728\u4f1a\u8bdd\u8fc7\u671f\u4e0d\u8db3\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6709\u9650\u7684\u65f6\u95f4\u5185\u91cd\u7528\u7531Configuration\u5b9e\u7528\u7a0b\u5e8f\u751f\u6210\u7684\u8eab\u4efd\u9a8c\u8bc1\u7528\u6237\u7684\u4f1a\u8bddcookie\uff0c\u5e76\u901a\u8fc7\u7ba1\u7406\u7aef\u53e3\u548c/\u6216\u81eaIP\u5730\u5740\u8fdb\u884c\u8bbf\u95ee\uff0c\u4ee5\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\u3001\u521b\u5efa\u6216\u5220\u9664\u6587\u4ef6\u6216\u7981\u7528\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://my.f5.com/manage/s/article/K000137053",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-75602",
"openTime": "2023-10-11",
"patchDescription": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nF5 BIG-IP\u5b58\u5728\u4f1a\u8bdd\u8fc7\u671f\u4e0d\u8db3\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u6709\u9650\u7684\u65f6\u95f4\u5185\u91cd\u7528\u7531Configuration\u5b9e\u7528\u7a0b\u5e8f\u751f\u6210\u7684\u8eab\u4efd\u9a8c\u8bc1\u7528\u6237\u7684\u4f1a\u8bddcookie\uff0c\u5e76\u901a\u8fc7\u7ba1\u7406\u7aef\u53e3\u548c/\u6216\u81eaIP\u5730\u5740\u8fdb\u884c\u8bbf\u95ee\uff0c\u4ee5\u6267\u884c\u4efb\u610f\u7cfb\u7edf\u547d\u4ee4\u3001\u521b\u5efa\u6216\u5220\u9664\u6587\u4ef6\u6216\u7981\u7528\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "F5 BIG-IP\u4f1a\u8bdd\u8fc7\u671f\u4e0d\u8db3\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"F5 BIG-IP (all modules) \u003e=13.1.0\uff0c\u003c=13.1.5",
"F5 BIG-IP (all modules) \u003e=16.1.0\uff0c\u003c=16.1.3",
"F5 BIG-IP (all modules) \u003e=14.1.0\uff0c\u003c=14.1.5",
"F5 BIG-IP (all modules) \u003e=15.1.0\uff0c\u003c=15.1.8"
]
},
"referenceLink": "https://my.f5.com/manage/s/article/K000137053",
"serverity": "\u9ad8",
"submitTime": "2023-10-11",
"title": "F5 BIG-IP\u4f1a\u8bdd\u8fc7\u671f\u4e0d\u8db3\u6f0f\u6d1e"
}
CERTFR-2023-AVI-0837
Vulnerability from certfr_avis - Published: 2023-10-12 - Updated: 2023-10-12
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | NGINX | NGINX OSS versions 1.9.5 à 1.25.2 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 16.1.x antérieures à 16.1.4.1 avec le correctif de sécurité Hotfix-BIGIP-16.1.4.1.0.13.5-ENG | ||
| F5 | BIG-IQ | BIG-IQ Centralized Management versions 8.0.0 à 8.3.0 antérieures à 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.5.0 à 1.8.2 | ||
| F5 | BIG-IP | BIG-IP (APM) versions 16.1.0 à 16.1.3 antérieures à 16.1.4 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 3.0.0 à 3.3.0 | ||
| F5 | BIG-IP | BIG-IP (Advanced WAF/ASM) versions 16.1.x antérieures à 16.1.4 | ||
| F5 | NGINX Plus | NGINX Plus verions R25 à R30 antérieures à R30 P1 | ||
| F5 | BIG-IP | BIG-IP (DNS, LTM avec le license DNS Services activée) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 2.0.0 à 2.4.2 | ||
| F5 | BIG-IP | BIG-IP (DNS, LTM avec le license DNS Services activée) versions 16.1.x antérieures à 16.1.4 | ||
| F5 | NGINX Ingress Controller | NGINX Ingress Controller versions 1.12.2 à 1.12.5 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.1.0 à 1.1.1 | ||
| F5 | NGINX | NGINX App Protect WAF versions 3.3.0 à 3.12.2 et 4.x antérieures à 4.2.0 | ||
| F5 | BIG-IP | BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.9 | ||
| F5 | N/A | APM Clients versions 7.2.3.x, 7.2.4.x antérieures à 7.2.4.5 | ||
| F5 | BIG-IP Next | BIG-IP Next (tous modules) version 20.0.1 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x antérieures à 15.1.10.2 | ||
| F5 | BIG-IP | BIG-IP (tous modules) versions 17.1.x antérieures à 17.1.0.3 avec le correctif de sécurité Hotfix-BIGIP-17.1.0.3.0.23.4-ENG | ||
| F5 | BIG-IP | BIG-IP (APM) versions 14.1.x, 15.1.x antérieures à 15.1.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NGINX OSS versions 1.9.5 \u00e0 1.25.2",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4.1 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-16.1.4.1.0.13.5-ENG",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Centralized Management versions 8.0.0 \u00e0 8.3.0 ant\u00e9rieures \u00e0 8.3.0 avec le correctif Hotfix-BIG-IQ-8.3.0.0.12.118-ENG",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.5.0 \u00e0 1.8.2",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 16.1.0 \u00e0 16.1.3 ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 3.0.0 \u00e0 3.3.0",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (Advanced WAF/ASM) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus verions R25 \u00e0 R30 ant\u00e9rieures \u00e0 R30 P1",
"product": {
"name": "NGINX Plus",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 2.0.0 \u00e0 2.4.2",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (DNS, LTM avec le license DNS Services activ\u00e9e) versions 16.1.x ant\u00e9rieures \u00e0 16.1.4",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 1.12.2 \u00e0 1.12.5",
"product": {
"name": "NGINX Ingress Controller",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.1.0 \u00e0 1.1.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions 3.3.0 \u00e0 3.12.2 et 4.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (Advanced WAF/ASM) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "APM Clients versions 7.2.3.x, 7.2.4.x ant\u00e9rieures \u00e0 7.2.4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next (tous modules) version 20.0.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 13.1.x, 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.10.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (tous modules) versions 17.1.x ant\u00e9rieures \u00e0 17.1.0.3 avec le correctif de s\u00e9curit\u00e9 Hotfix-BIGIP-17.1.0.3.0.23.4-ENG",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (APM) versions 14.1.x, 15.1.x ant\u00e9rieures \u00e0 15.1.9",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40542",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40542"
},
{
"name": "CVE-2023-5450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5450"
},
{
"name": "CVE-2023-41373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41373"
},
{
"name": "CVE-2023-43746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43746"
},
{
"name": "CVE-2023-40537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40537"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-41085",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41085"
},
{
"name": "CVE-2023-41253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41253"
},
{
"name": "CVE-2023-42768",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42768"
},
{
"name": "CVE-2023-43611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43611"
},
{
"name": "CVE-2023-45226",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45226"
},
{
"name": "CVE-2023-45219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45219"
},
{
"name": "CVE-2023-41964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41964"
},
{
"name": "CVE-2023-39447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39447"
},
{
"name": "CVE-2023-40534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40534"
},
{
"name": "CVE-2023-43485",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43485"
}
],
"initial_release_date": "2023-10-12T00:00:00",
"last_revision_date": "2023-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0837",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000137053 du 10 octobre 2023",
"url": "https://my.f5.com/manage/s/article/K000137053"
}
]
}
FKIE_CVE-2023-40537
Vulnerability from fkie_nvd - Published: 2023-10-10 13:15 - Updated: 2024-11-21 08:19
Severity ?
Summary
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | https://my.f5.com/manage/s/article/K29141800 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://my.f5.com/manage/s/article/K29141800 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94E0B611-902C-46BC-A099-881398828F0B",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF2DF45-D15E-4239-A66C-9F8A924E383A",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34A88673-CDD5-48FC-9491-6852324E26EA",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F53FFE68-BE06-4F16-8C33-58711E86E254",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9BB7368-B6F8-462F-B17F-02CFBB0EE310",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86BE84EA-63BC-49A2-8004-830255114059",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7480CF69-7BEC-4582-85BB-58A6CBC51171",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDE9EC9-8079-434F-8510-3DB4E3051BCA",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3AA014-6241-4EBA-BF9F-65D3D869C6E0",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D263C0C1-55C6-4AC3-B738-9F099C583AA0",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F16999CA-0EE1-4F56-AF60-8F002B5F7CCE",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB67297-BDD9-4D15-9247-0F1A589D7450",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A96D578-675E-4B63-851F-CB71A92B25B1",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2765BBF9-8450-4889-9961-2C6DE64656F4",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD85839-D8F4-4651-ABAC-9F092955785B",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D0A53D-5911-4406-8264-FC85ADDDD007",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57114710-113A-4F2E-A5C2-07AB7BBC7354",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0A03A5-3120-4D8D-A580-E7546A740D61",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB",
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0",
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
},
{
"lang": "es",
"value": "La cookie de sesi\u00f3n de un usuario autenticado puede permanecer v\u00e1lida por un tiempo limitado despu\u00e9s de cerrar sesi\u00f3n en la utilidad de configuraci\u00f3n BIG-IP en una plataforma VIPRION multiblade. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"id": "CVE-2023-40537",
"lastModified": "2024-11-21T08:19:40.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
},
"published": "2023-10-10T13:15:20.840",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K29141800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K29141800"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
}
GSD-2023-40537
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-40537",
"id": "GSD-2023-40537"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-40537"
],
"details": "\nAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n",
"id": "GSD-2023-40537",
"modified": "2023-12-13T01:20:43.579331Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2023-40537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17.1.0",
"versionType": "semver"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"lessThan": "15.1.9",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
}
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "F5"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
}
]
},
"generator": {
"engine": "F5 SIRTBot v1.0"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-613",
"lang": "eng",
"value": "CWE-613 Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://my.f5.com/manage/s/article/K29141800",
"refsource": "MISC",
"url": "https://my.f5.com/manage/s/article/K29141800"
}
]
},
"source": {
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.1.9",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2023-40537"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "\nAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://my.f5.com/manage/s/article/K29141800",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K29141800"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-10-19T16:43Z",
"publishedDate": "2023-10-10T13:15Z"
}
}
}
CVE-2023-40537
Vulnerability from fstec - Published: 10.10.2023
VLAI Severity ?
Title
Уязвимость средства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe, связанная с неверным сроком действия сеанса, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость средства контроля доступа и удаленной аутентификации BIG-IP Access Policy Manager, а также программных средств, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe связана с неверным сроком действия сеанса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity ?
Vendor
F5 Networks, Inc.
Software Name
BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe, BIG-IP Access Policy Manager
Software Version
от 15.1.0 до 15.1.9 (BIG-IP Advanced Firewall Manager), от 16.1.0 до 16.1.4 (BIG-IP Advanced Firewall Manager), от 15.1.0 до 15.1.9 (BIG-IP Advanced Web Application Firewall), от 16.1.0 до 16.1.4 (BIG-IP Advanced Web Application Firewall), от 15.1.0 до 15.1.9 (BIG-IP Analytics), от 16.1.0 до 16.1.4 (BIG-IP Analytics), от 15.1.0 до 15.1.9 (BIG-IP Application Acceleration Manager), от 16.1.0 до 16.1.4 (BIG-IP Application Acceleration Manager), от 15.1.0 до 15.1.9 (BIG-IP Application Security Manager), от 16.1.0 до 16.1.4 (BIG-IP Application Security Manager), от 15.1.0 до 15.1.9 (BIG-IP Application Visibility and Reporting (AVR)), от 16.1.0 до 16.1.4 (BIG-IP Application Visibility and Reporting (AVR)), от 15.1.0 до 15.1.9 (BIG-IP Carrier-Grade NAT (CGNAT)), от 16.1.0 до 16.1.4 (BIG-IP Carrier-Grade NAT (CGNAT)), от 15.1.0 до 15.1.9 (BIG-IP DDos Hybrid Defender), от 16.1.0 до 16.1.4 (BIG-IP DDos Hybrid Defender), от 15.1.0 до 15.1.9 (BIG-IP Domain Name System), от 16.1.0 до 16.1.4 (BIG-IP Domain Name System), от 15.1.0 до 15.1.9 (BIG-IP Fraud Protection Service), от 16.1.0 до 16.1.4 (BIG-IP Fraud Protection Service), от 15.1.0 до 15.1.9 (BIG-IP Global Traffic Manager), от 16.1.0 до 16.1.4 (BIG-IP Global Traffic Manager), от 15.1.0 до 15.1.9 (BIG-IP Link Controller), от 16.1.0 до 16.1.4 (BIG-IP Link Controller), от 15.1.0 до 15.1.9 (BIG-IP Local Traffic Manager), от 16.1.0 до 16.1.4 (BIG-IP Local Traffic Manager), от 15.1.0 до 15.1.9 (BIG-IP Policy Enforcement Manager), от 16.1.0 до 16.1.4 (BIG-IP Policy Enforcement Manager), от 15.1.0 до 15.1.9 (BIG-IP SSL Orchestrator), от 16.1.0 до 16.1.4 (BIG-IP SSL Orchestrator), от 15.1.0 до 15.1.9 (BIG-IP Webaccelerator), от 16.1.0 до 16.1.4 (BIG-IP Webaccelerator), от 15.1.0 до 15.1.9 (BIG-IP WebSafe), от 16.1.0 до 16.1.4 (BIG-IP WebSafe), от 15.1.0 до 15.1.9 (BIG-IP Access Policy Manager), от 16.1.0 до 16.1.4 (BIG-IP Access Policy Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP Access Policy Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP Advanced Firewall Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP Application Security Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP Domain Name System), от 13.1.0 до 14.1.5 включительно (BIG-IP Local Traffic Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP Advanced Web Application Firewall), от 13.1.0 до 14.1.5 включительно (BIG-IP Analytics), от 13.1.0 до 14.1.5 включительно (BIG-IP Application Acceleration Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP Application Visibility and Reporting (AVR)), от 13.1.0 до 14.1.5 включительно (BIG-IP Carrier-Grade NAT (CGNAT)), от 13.1.0 до 14.1.5 включительно (BIG-IP DDos Hybrid Defender), от 13.1.0 до 14.1.5 включительно (BIG-IP Fraud Protection Service), от 13.1.0 до 14.1.5 включительно (BIG-IP Global Traffic Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP Link Controller), от 13.1.0 до 14.1.5 включительно (BIG-IP Policy Enforcement Manager), от 13.1.0 до 14.1.5 включительно (BIG-IP SSL Orchestrator), от 13.1.0 до 14.1.5 включительно (BIG-IP Webaccelerator), от 13.1.0 до 14.1.5 включительно (BIG-IP WebSafe)
Possible Mitigations
Использование рекомендаций:
https://my.f5.com/manage/s/article/K29141800
Reference
https://my.f5.com/manage/s/article/K29141800
https://vuldb.com/ru/?id.241670
https://www.cve.org/CVERecord?id=CVE-2023-40537
CWE
CWE-613
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "F5 Networks, Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Advanced Firewall Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Advanced Firewall Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Advanced Web Application Firewall), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Advanced Web Application Firewall), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Analytics), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Analytics), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Application Acceleration Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Application Acceleration Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Application Security Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Application Security Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Application Visibility and Reporting (AVR)), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Application Visibility and Reporting (AVR)), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Carrier-Grade NAT (CGNAT)), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Carrier-Grade NAT (CGNAT)), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP DDos Hybrid Defender), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP DDos Hybrid Defender), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Domain Name System), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Domain Name System), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Fraud Protection Service), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Fraud Protection Service), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Global Traffic Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Global Traffic Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Link Controller), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Link Controller), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Local Traffic Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Local Traffic Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Policy Enforcement Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Policy Enforcement Manager), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP SSL Orchestrator), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP SSL Orchestrator), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Webaccelerator), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Webaccelerator), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP WebSafe), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP WebSafe), \u043e\u0442 15.1.0 \u0434\u043e 15.1.9 (BIG-IP Access Policy Manager), \u043e\u0442 16.1.0 \u0434\u043e 16.1.4 (BIG-IP Access Policy Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Access Policy Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Advanced Firewall Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Security Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Domain Name System), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Local Traffic Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Advanced Web Application Firewall), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Analytics), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Acceleration Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Application Visibility and Reporting (AVR)), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Carrier-Grade NAT (CGNAT)), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP DDos Hybrid Defender), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Fraud Protection Service), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Global Traffic Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Link Controller), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Policy Enforcement Manager), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP SSL Orchestrator), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP Webaccelerator), \u043e\u0442 13.1.0 \u0434\u043e 14.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (BIG-IP WebSafe)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://my.f5.com/manage/s/article/K29141800",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.10.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07113",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-40537",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe, BIG-IP Access Policy Manager",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 BIG-IP Access Policy Manager, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0441\u0440\u043e\u043a\u043e\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u0435\u0430\u043d\u0441\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u044b\u0439 \u0441\u0440\u043e\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u0435\u0430\u043d\u0441\u0430 (CWE-613)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 BIG-IP Access Policy Manager, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432, BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, BIG-IP WebSafe \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0441\u0440\u043e\u043a\u043e\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u0435\u0430\u043d\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://my.f5.com/manage/s/article/K29141800\nhttps://vuldb.com/ru/?id.241670\nhttps://www.cve.org/CVERecord?id=CVE-2023-40537",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-613",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
GHSA-HP29-CWPV-2M4X
Vulnerability from github – Published: 2023-10-10 15:30 – Updated: 2024-04-04 08:28
VLAI?
Details
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2023-40537"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T13:15:20Z",
"severity": "HIGH"
},
"details": "\nAn authenticated user\u0027s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n",
"id": "GHSA-hp29-cwpv-2m4x",
"modified": "2024-04-04T08:28:56Z",
"published": "2023-10-10T15:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40537"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K29141800"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…