F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160981)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160981 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...

CVE-2026-41959 iControl and tmsh REST vulnerability

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

K000160981: iControl REST and tmsh vulnerability CVE-2026-40698

Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation...

PT-2026-40653

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description A privilege escalation issu...

CVE-2025-59481 BIG-IP iControl REST and tmsh vulnerability

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security...

EUVD-2020-27012

Malware in sbrugna...

CVE-2025-31644

When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacke...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 iControl REST and TMSH have improper privilege management, and an authenticated attacker with resource administrator role...

CVE-2020-5858

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles for example, Guest or Resource Administrator with tmsh shell access can execute arbitrary commands with elevated...

CVE-2020-5858

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles for example, Guest or Resource Administrator with tmsh shell access can execute arbitrary commands with elevated...