Vulnerabilities ›

CVE-2026-32643

High

CWE-250 — Weakness Type

                    Published: May 13, 2026                      ·  Modified: May 20, 2026                      ·  Source: NVD                

CVSS v3

8.7

🔗 NVD Official

📄 Description (English)

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🤖 AI Executive Summary

A critical privilege escalation vulnerability in F5 BIG-IP and BIG-IQ systems allows authenticated users with Certificate Manager role to execute arbitrary commands through configuration object manipulation. With CVSS 8.7 and no patch currently available, this poses significant risk to organizations using these systems for load balancing and application delivery. Immediate compensating controls and access restrictions are essential until patches are released.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 19, 2026 21:41

🇸🇦 Saudi Arabia Impact Assessment

Saudi banking sector (SAMA-regulated institutions) faces critical risk as BIG-IP systems are widely deployed for transaction processing and API gateway functions. Government agencies under NCA oversight using these systems for secure communications are vulnerable to insider threats. Telecom operators (STC, Mobily) relying on BIG-IQ for network traffic management could experience service disruption. Energy sector (ARAMCO, utilities) using these systems for SCADA/ICS protection faces potential operational technology compromise. Healthcare organizations managing patient data through BIG-IP load balancers are at risk of data exfiltration.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Telecommunications Energy and Utilities Healthcare Large Enterprise IT Infrastructure

🎯 MITRE ATT&CK Techniques

T1548 - Abuse Elevation Control Mechanism T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1078 - Valid Accounts T1078.003 - Valid Accounts: Local Accounts T1059 - Command and Scripting Interpreter T1059.001 - Command and Scripting Interpreter: PowerShell T1021 - Remote Services T1021.001 - Remote Services: Remote Terminal Service T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Audit all BIG-IP and BIG-IQ systems in your environment and document Certificate Manager role assignments

2. Restrict Certificate Manager role access to only essential personnel with documented business justification

3. Implement multi-factor authentication (MFA) for all privileged accounts accessing BIG-IP/BIG-IQ management interfaces

4. Enable comprehensive audit logging for all configuration changes and command execution

5. Monitor for suspicious configuration modifications, particularly certificate-related changes

COMPENSATING CONTROLS:

6. Implement network segmentation to restrict management interface access to dedicated admin networks

7. Deploy behavioral analytics to detect anomalous command execution patterns

8. Establish read-only access for non-administrative Certificate Manager functions where possible

9. Implement change management procedures requiring approval for all configuration modifications

10. Use privileged access management (PAM) solutions to monitor and log all privileged sessions

DETECTION RULES:

11. Alert on any configuration object modifications by Certificate Manager role accounts outside change windows

12. Monitor for execution of system commands through BIG-IP configuration interfaces

13. Track failed authentication attempts and privilege escalation attempts

14. Monitor for unusual API calls to configuration endpoints

PATCHING:

15. Subscribe to F5 security advisories and apply patches immediately upon release

16. Maintain inventory of BIG-IP/BIG-IQ versions and prioritize systems on unsupported versions for upgrade

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تدقيق جميع أنظمة BIG-IP و BIG-IQ وتوثيق تعيينات دور مدير الشهادات

2. تقييد وصول دور مدير الشهادات للموظفين الأساسيين فقط مع توثيق المبرر التجاري

3. تطبيق المصادقة متعددة العوامل (MFA) لجميع الحسابات المميزة

4. تفعيل تسجيل التدقيق الشامل لجميع تغييرات التكوين وتنفيذ الأوامر

5. مراقبة التعديلات المريبة على التكوين، خاصة التغييرات المتعلقة بالشهادات

الضوابط التعويضية:

6. تطبيق تقسيم الشبكة لتقييد وصول واجهة الإدارة إلى شبكات الإدارة المخصصة

7. نشر تحليلات السلوك للكشف عن أنماط تنفيذ الأوامر الشاذة

8. إنشاء وصول للقراءة فقط لوظائف مدير الشهادات غير الإدارية

9. تطبيق إجراءات إدارة التغيير التي تتطلب الموافقة على جميع التعديلات

10. استخدام حلول إدارة الوصول المميز (PAM) لمراقبة جلسات العمل

قواعد الكشف:

11. تنبيهات على تعديلات كائنات التكوين من قبل حسابات دور مدير الشهادات خارج نوافذ التغيير

12. مراقبة تنفيذ أوامر النظام من خلال واجهات تكوين BIG-IP

13. تتبع محاولات المصادقة الفاشلة ومحاولات تصعيد الامتيازات

14. مراقبة استدعاءات API غير العادية لنقاط نهاية التكوين

التصحيح:

15. الاشتراك في تنبيهات أمان F5 وتطبيق التصحيحات فوراً عند الإصدار

16. الحفاظ على جرد إصدارات BIG-IP/BIG-IQ وأولويات الأنظمة على الإصدارات غير المدعومة للترقية

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 - 5.1.1: Access Control and Authentication ECC 2024 - 5.2.1: Privileged Access Management ECC 2024 - 5.3.1: Audit and Accountability ECC 2024 - 6.1.1: Configuration Management ECC 2024 - 6.2.1: Change Management

🔵 SAMA CSF

SAMA CSF - Governance: Risk Management and Oversight SAMA CSF - Protect: Access Control SAMA CSF - Protect: Data Protection and Privacy SAMA CSF - Detect: Security Monitoring and Alerting SAMA CSF - Respond: Incident Response and Management

🟡 ISO 27001:2022

ISO 27001:2022 - A.5.2: Information Security Policies ISO 27001:2022 - A.8.2: User Access Management ISO 27001:2022 - A.8.3: User Responsibilities ISO 27001:2022 - A.9.2: User Access and Entitlement Management ISO 27001:2022 - A.9.4: Access Control to Information and Other Associated Assets ISO 27001:2022 - A.12.4: Logging

🟣 PCI DSS v4.0.1

PCI DSS 3.2.1: Requirement 2 - Default Passwords PCI DSS 3.2.1: Requirement 7 - Restrict Access to Data PCI DSS 3.2.1: Requirement 8 - User Identification and Authentication PCI DSS 3.2.1: Requirement 10 - Logging and Monitoring

🔗 References & Sources 1

🔗

https://my.f5.com/manage/s/article/K000160972

f5sirt@f5.com

📊 CVSS Score

8.7

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score8.7

CWECWE-250

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-13

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-250

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-32643

Introduce Yourself

Sign In Required