F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A session expiration time insufficient vulnerability exists in F5 BIG-IP iControl REST, which stems from the fact that after logging out from the configuration utility, an authenticated user’s iControl REST token may An attacker could exploit this vulnerability to reuse an authenticated user’s iControl REST token generated from the configuration utility for a limited period of time and access it through the management port and/or its own IP address to execute arbitrary system commands, create or delete files, or disable services.