FKIE_CVE-2026-42937
Vulnerability from fkie_nvd - Published: 2026-05-13 16:16 - Updated: 2026-06-17 18:10
Severity
Summary
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | https://my.f5.com/manage/s/article/K000161018 | Mitigation, Vendor Advisory |
Impacted products
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "21.1.0",
"versionType": "custom"
},
{
"lessThan": "21.0.0.2",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
},
{
"lessThan": "17.5.1.6",
"status": "affected",
"version": "17.5.0",
"versionType": "custom"
},
{
"lessThan": "17.1.3.2",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "BIG-IQ",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "8.4.0",
"versionType": "custom"
}
]
}
],
"source": "f5sirt@f5.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3A2286-B181-47DA-BCB3-A9D0E0B357AC",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "004CBB88-E617-4A0A-BE42-E1E6BB52D736",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "920FA89D-E154-4936-B88E-8B60D5B39B40",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94ADD021-8229-4CDE-AE73-33FB1BD4A3C5",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "216A1ED3-D0CD-4A08-B9E8-A5B54942E831",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA7B9727-7694-4D1B-8B48-175196544050",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5481F477-166F-4321-80A0-539095C6B829",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5462B02C-4414-4B14-A671-D8993BD9511D",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6B33EA-BD41-45A1-801F-BF2439E4F501",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "972BEB00-AAC3-42F7-BB45-881E1A3D1131",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "226B7285-7977-4BBC-947E-E9541E1AAB89",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B49FF41-861D-488F-94DC-DAE222A9BE0D",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4962EDD5-384F-4ABC-8696-8C4AACEE19BD",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7A5976-AAA0-4FF1-ADAC-4547F24765FA",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5728B748-0795-4056-91E8-B3A0DB3A3081",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B7CE-FBA6-46E7-975D-61D7A18773F9",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC77DFC2-A3DC-46E6-9419-0ABA84CD275E",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25701935-02F5-4BD8-95F0-6693C6606558",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC71E265-C7B7-4A78-B73A-32B5FECE5D36",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B029869-31AB-4FE2-846E-FC6F7133ADF8",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2760AEE2-DCA4-4ED8-92DE-F409EED1A7D9",
"versionEndIncluding": "16.1.6",
"versionStartIncluding": "16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5317A6D5-D918-4BE0-9084-36E9E2DE6473",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67A7F8C7-B295-4666-BC8B-FD3F086B731A",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D32F168-182B-44C6-B0E0-EA35FFEF085D",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D40D996-431C-4A80-8286-0DDE9CABE7D0",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "321F241A-C271-4935-BFCC-285147C29499",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "074343C5-CD56-4E06-9FCD-2D81BFE889A1",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00682C22-1F4E-4DDC-A821-123962660F7A",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117301F9-F283-484E-B14B-1D64FF56D26D",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3565D432-B53A-47E6-AE2E-1C787EE7B630",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "598B7A83-1889-4993-B1FD-825102FF94D5",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D31ACBC-74FE-4AB9-A9A9-EDFAFDBDD3F0",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "699581D9-7F53-4049-BD8E-BABD3BE8FC8A",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F4B92-8FBF-4D8E-A7B0-9764349E20F9",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9531F9FE-3E20-4F00-B2E3-A09E3DDB5CA5",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D0B5B9-8136-4E1E-9B12-46268C553C29",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_automation_toolchain:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49A6ED3D-DFFB-417D-8365-F4D6E14C4200",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55CEADD5-ACEE-49CC-A927-EBC854918D1E",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5225A6E-CBE6-425B-BFF9-87782B683CDC",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "321D28A5-6482-4DA4-B4A4-DF4B1B62664C",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_container_ingress_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C188C945-26B9-4D2C-B001-016D36C88917",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8AE9DF-2058-496A-AC23-75976EE1C542",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F87ADD-0149-4AE0-AFEB-BB1AA123F2D5",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71DCA085-CCEA-4D2D-AB31-A2BA49D4502F",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23056306-3CD8-433F-BC25-483202073C43",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC00A74-D454-411F-9BE2-CC2F821992D6",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21157077-84EB-4497-9BA9-8A392E890D07",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D3043B-3A5D-4DE4-852C-60554B3E5DE2",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E32987D3-58EA-442D-8112-2C738862DADD",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8DE07C-B8C8-4E7C-8AB7-C9509484CAD9",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1BBEE0-9D86-4774-A548-E311A0C8679B",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A23687DC-EE3E-46BC-8866-066D832FC6F9",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FABD955F-7BF9-40EF-AAF7-619BE4E50CE7",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0.",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB24F2B3-1D94-4202-B33E-17044A8D3148",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C8107-BC7C-45FB-BC23-37C28F68F43F",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0BD2D5-CCA6-43D5-8B98-10CF68D61504",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D271F5-159C-4A6A-915F-DDCA2A9466F1",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1EE0AF-906C-4C50-AB74-993AEF932E2D",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0360D51-AAF3-4543-9762-2DFFD8D756C5",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7523553-C008-4FB1-9CDD-92997E7B1BBD",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C31D653A-C3F4-4CFA-9CBF-B10B954B7D2C",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88F96EB4-332E-45A9-A6FC-457ADE8B63E1",
"versionEndIncluding": "17.1.3.1",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C665E549-E8AB-454D-9E19-539B0F27A3F0",
"versionEndIncluding": "17.5.1.4",
"versionStartIncluding": "17.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp\u00a0and ndp\u00a0commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information.\u00a0\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"id": "CVE-2026-42937",
"lastModified": "2026-06-17T18:10:16.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "f5sirt@f5.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f5sirt@f5.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-42937",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T16:02:58.207895Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-13T16:16:50.050",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000161018"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…