CVE-2026-42937
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
Vulnerabilities related to incorrect permission assignment exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, as well as in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information.
Risk Assessment
The organization may be exposed to the disclosure of sensitive network information, potentially leading to further attacks or security breaches.
Recommendation
It is recommended to update the software to the latest version to mitigate these vulnerabilities and to monitor system access for potential attack attempts.
Original NVD description (English source)
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

