48 matches found
CVE-2026-41225
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
EUVD-2026-29978
An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
EUVD-2026-29986
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-42924
An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41225
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40631
An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-39459
A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-42406 BIG-IP and BIG-IQ privilege escalation vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2026-42406
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2026-32643 BIG-IP and BIG-IQ privilege escalation vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-41953 BIG-IP Privilege Escalation vulnerability
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41225 iControl REST vulnerability
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41953 BIG-IP Privilege Escalation vulnerability
A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-41953
CVE-2026-41953 affects BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects, leading to privilege escalation. The vulnerability is a control plane issue with no data-plane exposure, and impact includes priv...
CVE-2026-41225 iControl REST vulnerability
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40631
CVE-2026-40631 affects BIG-IP iControl SOAP. An authenticated attacker with Resource Administrator or Administrator rights can modify configuration objects via iControl SOAP, leading to privilege escalation. In Appliance mode, exploitation may cross security boundaries; data plane is not exposed....
CVE-2026-40698 iControl REST and TMSH vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...