CVE-2023-40542 in BIG-IP

Summary

by MITRE • 10/25/2023

When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.


Analysis

by VulDB Data Team • 09/19/2025

This vulnerability affects F5 BIG-IP when TCP Verified Accept is enabled on a TCP profile that is attached to a Virtual Server. In that configuration, certain undisclosed requests cause memory utilization to grow without bound. It is a resource-exhaustion issue: memory consumed by the affected traffic is not reclaimed at the expected rate, so sustained exposure degrades performance and can destabilize the device. Verified Accept changes how BIG-IP establishes connections (the server-side connection is set up before the client-side connection is accepted), and that additional work during connection establishment is what opens the window for the unexpected memory growth.

F5 has not disclosed the root cause or the request pattern that triggers it, so any precise description of the flaw is inference. What the advisory does establish is that the growth only occurs with Verified Accept enabled, which means the system holds additional per-connection state during connection setup, and it is this state that accumulates under the undisclosed conditions. The vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption): a crafted or specific sequence of requests drives memory use upward until the device can no longer serve traffic normally.

The operational impact is availability. On a device that fronts critical services, memory exhaustion shows up first as latency and dropped connections and, if consumption keeps climbing, as instability of the data plane or a restart. Because the triggering requests are undisclosed, there is no published signature for defenders to match on; from the operator's side the symptom is data-plane memory that climbs and does not come back down, which can be mistaken for ordinary load until it becomes critical. The condition is reachable by anyone who can send traffic to an affected Virtual Server.

Mitigation should combine immediate operational controls with a patch. Applying the F5-provided fixed version is the real remedy. Until then, disabling TCP Verified Accept on the affected TCP profiles removes the condition; note that Verified Accept is a connection-handling option (it verifies that the server-side connection can be established before accepting the client-side one) rather than a security control, so disabling it changes connection behaviour for those Virtual Servers and should be tested, but it does not weaken the device's security posture in the usual sense. Monitor data-plane memory (for example with tmsh show sys memory) and alert on sustained growth that does not track connection counts. Rate limiting and exposing the affected Virtual Servers only to the networks that need them reduce how quickly an attacker can drive memory up. The vulnerability maps to ATT&CK technique T1499 (Endpoint Denial of Service). Configuration audits should include an inventory of which TCP profiles have Verified Accept enabled and which Virtual Servers reference them, so that the exposure is known and the setting is only enabled where it is actually needed.
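The inventory step above can be scripted against tmsh output. The following is an added example, not F5's code or anything from the advisory: it parses constructed samples of what "tmsh list ltm profile tcp verified-accept" and "tmsh list ltm virtual profiles" print, lists the TCP profiles with Verified Accept enabled, and maps them to the Virtual Servers that use them. The sample configuration text is made up for the example, the property name "verified-accept" is the tmsh name the author assumes (confirm it against your version's tmsh reference), and the remediation command at the end is printed rather than executed.

```shell
#!/bin/sh
# Added example: audit TCP profiles for verified-accept and map them to
# virtual servers. Input here is constructed sample text, not real output.

# Constructed sample of `tmsh list ltm profile tcp verified-accept`.
SAMPLE_PROFILES='ltm profile tcp tcp {
    verified-accept disabled
}
ltm profile tcp tcp-verified {
    verified-accept enabled
}
ltm profile tcp f5-tcp-lan {
    verified-accept disabled
}'

# Constructed sample of `tmsh list ltm virtual profiles`.
SAMPLE_VIRTUALS='ltm virtual vs_app {
    profiles {
        http { }
        tcp-verified {
            context all
        }
    }
}
ltm virtual vs_plain {
    profiles {
        tcp { }
    }
}'

# Print the name of every TCP profile whose verified-accept line says enabled.
# $1: profile listing text
enabled_profiles() {
    printf '%s\n' "$1" | awk '
        /^ltm profile tcp / { name = $4 }          # remember current profile
        /verified-accept enabled/ { print name }   # report it when enabled
    '
}

# Print the virtual servers whose profiles block references profile $2.
# $1: virtual listing text, $2: profile name
virtuals_using() {
    printf '%s\n' "$1" | awk -v p="$2" '
        /^ltm virtual / { vs = $3 }                # remember current virtual
        $1 == p && $2 == "{" { print vs }          # profile entry inside profiles { }
    '
}

# Report exposed virtuals and the (assumed) tmsh command that would remove
# the condition. Printed, not executed.
# $1: profile listing text, $2: virtual listing text
audit_verified_accept() {
    for prof in $(enabled_profiles "$1"); do
        for vs in $(virtuals_using "$2" "$prof"); do
            printf 'virtual %s uses profile %s (verified-accept enabled)\n' "$vs" "$prof"
        done
        printf 'to disable: tmsh modify ltm profile tcp %s verified-accept disabled\n' "$prof"
    done
}

audit_verified_accept "$SAMPLE_PROFILES" "$SAMPLE_VIRTUALS"
```

On a real device, replace the two sample variables with `$(tmsh list ltm profile tcp verified-accept)` and `$(tmsh list ltm virtual profiles)`; profile names will then carry their partition prefix (for example /Common/tcp-verified), which the matching logic handles unchanged.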

Responsible

F5 Networks

Reservation

10/05/2023

Disclosure

10/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00538

KEV

no

Activities

very low
