CVE Catalog

CVE-2026-42937

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

Vulnerabilities related to incorrect permission assignment exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, as well as in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information.

Risk Assessment

The organization may be exposed to the disclosure of sensitive network information, potentially leading to further attacks or security breaches.

Recommendation

It is recommended to update the software to the latest version to mitigate these vulnerabilities and to monitor system access for potential attack attempts.

Original NVD description (English source)

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS