PT-2026-40653 · F5 · Big-Ip+1
Published: 2026-05-13 · Updated: 2026-05-17
CVE-2026-40698
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
BIG-IP versions prior to 17.1.3.2
BIG-IP versions prior to 17.5.1.6
BIG-IP versions prior to 21.0.0.2
BIG-IQ versions prior to 17.1.3.2
BIG-IQ versions prior to 17.5.1.6
BIG-IQ versions prior to 21.0.0.2
Description
A privilege escalation issue exists in which a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through the iControl REST API or the TMOS shell (tmsh), leading to command injection.
Recommendations
Update BIG-IP to version 17.1.3.2 or later.
Update BIG-IP to version 17.5.1.6 or later.
Update BIG-IP to version 21.0.0.2 or later.
Update BIG-IQ to version 17.1.3.2 or later.
Update BIG-IQ to version 17.5.1.6 or later.
Update BIG-IQ to version 21.0.0.2 or later.
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip
Big-Iq