76 matches found
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160863)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160863 advisory. A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticat...
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000161018)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161018 advisory. Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell...
EUVD-2026-29989
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell tmsh command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of...
EUVD-2026-29979
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...
EUVD-2026-29968
A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-41959
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...
CVE-2026-40698
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation. Note: Software versions which...
CVE-2026-39459
A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-41959
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...
CVE-2026-41959
CVE-2026-41959 affects BIG-IP/BIG-IQ TMOS Shell (tmsh) network diagnostics and iControl REST. Root cause: incorrect permission assignments allow an authenticated user to view destination systems’ network status. Impact: control-plane exposure (viewing network status) with no data-plane exposure; ...
CVE-2026-41959 iControl and tmsh REST vulnerability
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...
CVE-2026-42937 iControl REST and tmsh vulnerability
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
CVE-2026-42937 iControl REST and tmsh vulnerability
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
CVE-2026-41217
The CVE-2026-41217 entry describes a vulnerability in an undisclosed BIG-IP TMOS Shell (tmsh) command that can allow an authenticated user with resource administrator or administrator role to execute arbitrary system commands with elevated privileges. In Appliance mode, a successful exploit can c...
CVE-2026-39459 iControl REST and tmsh vulnerability
A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-39459 iControl REST and tmsh vulnerability
A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-40061 iControl REST and tmsh vulnerability
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...
CVE-2026-40061
CVE-2026-40061 affects BIG-IP DNS and relates to an undisclosed iControl REST and tmsh command that an authenticated attacker with Resource Administrator or Administrator privileges can use to execute arbitrary system commands with higher privileges. In Appliance mode, exploit could cross a secur...
CVE-2026-42408
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that may allow a highly privileged authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-40462
CVE-2026-40462 affects F5 BIG-IP: an incorrect permission assignment in iControl REST and the TMOS shell (tmsh) could allow an authenticated user to view sensitive information (control plane exposure). Concrete details from connected advisories show affected branches/versions and available fixes....