Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (f5) · only source for this CVE.
CVSS VectorVendor: f5
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AnalysisAI
Authenticated administrators with Resource Administrator or Administrator role can execute arbitrary system commands with elevated privileges in F5 BIG-IP scripted monitors, potentially crossing security boundaries in appliance mode deployments. The vulnerability requires high privilege level and network access but allows complete command execution with no user interaction, affecting confidentiality and integrity.
Technical ContextAI
BIG-IP scripted monitors are a component of F5's load balancing and application delivery platform that allow administrators to create custom monitoring scripts. The vulnerability is rooted in insufficient privilege validation (CWE-250: Execution with Unnecessary Privileges) within the scripted monitor functionality, where user-supplied input or script parameters are not properly isolated from higher-privilege execution contexts. The issue is specific to BIG-IP's monitoring subsystem, which runs with elevated system privileges. In appliance mode, where BIG-IP operates as a dedicated device with single-purpose architecture, the privilege escalation can breach the intended security boundary between administrative functions and system-level operations.
RemediationAI
Apply the patched BIG-IP version available from F5 via the vendor advisory K000161040 (https://my.f5.com/manage/s/article/K000161040). The advisory specifies which BIG-IP versions contain the fix; obtain the exact patched version number from F5's security advisory and upgrade accordingly. During patch deployment, schedule maintenance windows as BIG-IP upgrades typically require service interruption. As an interim compensating control, restrict Resource Administrator and Administrator role access to only necessary personnel and implement network-level access controls to limit who can reach BIG-IP management interfaces, reducing the pool of potential attackers. Monitor BIG-IP audit logs for suspicious scripted monitor creation or modification by administrative users. These controls do not eliminate the vulnerability but reduce attack surface until patching completes.
Remote code execution in F5 BIG-IP and BIG-IQ Configuration utility allows authenticated attackers with low privileges t
Memory-exhaustion denial of service in F5 BIG-IP affects any virtual server configured with an HTTP/2 profile, where a r
Resource exhaustion in BIG-IP Configuration utility allows remote unauthenticated attackers to trigger file descriptor e
Remote unauthenticated attackers can crash F5 BIG-IP and BIG-IP Next Traffic Management Microkernel (TMM) processes via
Traffic Management Microkernel (TMM) crash in F5 BIG-IP versions 16.1.0 through 21.0.0.1 allows unauthenticated remote a
Traffic Management Microkernel (TMM) denial-of-service in F5 BIG-IP DNS affects systems with DNS cache-enabled profiles
F5 BIG-IP Advanced WAF and Application Security Manager (ASM) suffer from a denial-of-service vulnerability when process
Remote memory exhaustion in F5 BIG-IP virtual servers crashes Traffic Management Microkernel when HTTP/2 Layer 7 DoS Pro
Traffic Management Microkernel (TMM) crashes in F5 BIG-IP Virtual Edition and hardware platforms when SSL profiles are c
Remote denial-of-service in F5 BIG-IP allows unauthenticated attackers to crash the Traffic Management Microkernel (TMM)
Traffic Management Microkernel (TMM) in F5 BIG-IP terminates when processing specific traffic against UDP virtual server
Denial of service in F5 BIG-IP virtual servers with SSL profiles allows remote unauthenticated attackers to exhaust conn
Same weakness CWE-250 – Execution with Unnecessary Privileges
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29962
GHSA-gq47-9c3w-7rrc