PT-2026-40635 · F5 · Big-Iq+1
Published
2026-05-13
·
Updated
2026-05-17
·
CVE-2026-32643
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
BIG-IP versions prior to 17.1.3.2
BIG-IP versions prior to 17.5.1.6
BIG-IP versions prior to 21.0.0.2
BIG-IQ versions prior to 17.1.3.2
BIG-IQ versions prior to 17.5.1.6
BIG-IQ versions prior to 21.0.0.2
Description
A flaw in BIG-IP and BIG-IQ systems allows a highly privileged, authenticated attacker with at least the Certificate Manager role to modify configuration objects. This action can lead to the execution of arbitrary commands.
Recommendations
Update BIG-IP to version 17.1.3.2 or later.
Update BIG-IP to version 17.5.1.6 or later.
Update BIG-IP to version 21.0.0.2 or later.
Update BIG-IQ to version 17.1.3.2 or later.
Update BIG-IQ to version 17.5.1.6 or later.
Update BIG-IQ to version 21.0.0.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip
Big-Iq