CVE-2023-40542

7.5 HIGH

📋 TL;DR

This vulnerability in F5 BIG-IP systems allows attackers to cause memory exhaustion through specially crafted TCP requests when TCP Verified Accept is enabled. It affects BIG-IP systems with vulnerable configurations, potentially leading to denial of service. Only systems with specific TCP profile configurations are vulnerable.

💻 Affected Systems

Products:
  • F5 BIG-IP
Versions: Multiple BIG-IP versions (specific versions detailed in F5 advisory)
Operating Systems: F5 TMOS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when TCP Verified Accept is enabled on a TCP profile configured on a Virtual Server. Systems that have reached End of Technical Support (EoTS) are not evaluated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system memory exhaustion leading to denial of service, potentially affecting all services on the affected BIG-IP device.

🟠 Likely Case

Degraded performance and intermittent service disruptions due to increased memory utilization.

🟢 If Mitigated

Minimal impact if TCP Verified Accept is disabled or proper rate limiting is in place.

🌐 Internet-Facing: HIGH - Internet-facing virtual servers with TCP Verified Accept enabled are directly exploitable.
🏢 Internal Only: MEDIUM - Internal-only virtual servers are still vulnerable, but exploitation requires internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specific TCP requests to vulnerable configurations. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to F5 advisory K000134652 for specific fixed versions

Vendor Advisory: https://my.f5.com/manage/s/article/K000134652

Restart Required: Yes

Instructions:

1. Review F5 advisory K000134652 for applicable fixed versions.
2. Download and install the appropriate patch from F5 Downloads.
3. Restart affected BIG-IP services or the system as required.

🔧 Temporary Workarounds

Disable TCP Verified Accept


Disable TCP Verified Accept on TCP profiles configured on Virtual Servers

tmsh modify ltm profile tcp <profile_name> verified-accept disabled
tmsh save sys config

Apply Rate Limiting


Implement rate limiting on affected Virtual Servers to limit attack impact

tmsh modify ltm virtual <virtual_name> rate-limit <limit_value>

🧯 If You Can't Patch

  • Disable TCP Verified Accept on all TCP profiles used by Virtual Servers
  • Implement network-level rate limiting and monitoring for abnormal TCP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check whether TCP Verified Accept is enabled on any TCP profile:

tmsh list ltm profile tcp verified-accept

Check Version:

tmsh show sys version

Verify Fix Applied:

Verify patch installation, then confirm the running version against the F5 advisory:

tmsh show sys version | grep -i version
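As an added example (not part of this advisory or of F5's tooling), a small POSIX shell helper that parses the output of the verification command above and lists the TCP profiles with verified-accept enabled. The tmsh output layout and the sample profiles below are assumed and constructed, not captured from a real device.

```shell
#!/bin/sh
# Added example: flag TCP profiles with verified-accept enabled from the
# output of "tmsh list ltm profile tcp verified-accept".
# Assumes the usual tmsh list layout: a header line
#   "ltm profile tcp <name> {" followed by "    verified-accept <state>" and "}".

# Constructed sample output (not from a real BIG-IP).
SAMPLE_OUTPUT='ltm profile tcp tcp {
    verified-accept disabled
}
ltm profile tcp tcp-lan-optimized {
    verified-accept disabled
}
ltm profile tcp tcp-verified-accept {
    verified-accept enabled
}'

# Reads tmsh list output on stdin and prints one profile name per line
# for every profile whose verified-accept setting is "enabled".
enabled_profiles() {
    awk '
        /^ltm profile tcp / { name = $4 }
        /^[[:space:]]*verified-accept[[:space:]]+enabled/ { print name }
    '
}

# Exit status 0 if at least one profile has verified-accept enabled
# (i.e. a vulnerable configuration is present), 1 otherwise.
has_verified_accept() {
    [ -n "$(enabled_profiles)" ]
}

# On a live device:  tmsh list ltm profile tcp verified-accept | enabled_profiles
# Stand-alone demo on the constructed sample:
printf '%s\n' "$SAMPLE_OUTPUT" | enabled_profiles
```

Any profile name printed should be checked against the Virtual Servers that reference it before applying the workaround above.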

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory utilization spikes in system logs
  • TCP connection anomalies in traffic logs

Network Indicators:

  • Abnormal TCP SYN/ACK patterns
  • Increased memory-related alerts from monitoring

SIEM Query:

source="bigip_logs" ("memory high" OR "tcp verified" OR "connection flood")
