📄 Description (English)
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🤖 AI Executive Summary
CVE-2026-41959 is a medium-severity permission assignment vulnerability in F5 BIG-IP and BIG-IQ TMOS Shell and iControl REST that allows authenticated attackers to view network status information of destination systems. While no public exploit is available and patches are not yet released, the vulnerability affects critical network infrastructure components widely deployed in Saudi organizations. Organizations should monitor F5 security advisories and implement compensating controls to restrict access to affected diagnostic commands.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 15, 2026 11:20
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), telecommunications providers (STC, Mobily), and energy sector (Saudi Aramco). BIG-IP and BIG-IQ are extensively deployed as load balancers and application delivery controllers in these critical sectors. Authenticated attackers could gain network reconnaissance capabilities, potentially mapping internal network topology and identifying destination systems for further attacks. The vulnerability is particularly concerning for organizations with privileged user accounts that may be compromised or misused.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Telecommunications
Energy and Oil & Gas
Healthcare
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all BIG-IP and BIG-IQ deployments in your environment and document current versions
2. Restrict access to TMOS Shell (tmsh) and iControl REST APIs to only authorized administrators
3. Implement network segmentation to limit access to management interfaces
4. Enable comprehensive audit logging for all tmsh and iControl REST commands
5. Review and revoke unnecessary administrative privileges
Compensating Controls:
1. Implement role-based access control (RBAC) to limit diagnostic command execution to essential personnel only
2. Deploy WAF rules to restrict iControl REST API access to trusted IP ranges
3. Monitor for suspicious diagnostic command usage patterns
4. Implement multi-factor authentication for administrative access
5. Use VPN or bastion hosts for all management access
Detection Rules:
1. Alert on tmsh diagnostic commands executed by non-administrative accounts
2. Monitor iControl REST API calls to network status endpoints
3. Track failed authentication attempts to management interfaces
4. Log all privilege escalation attempts within BIG-IP/BIG-IQ
Patching:
1. Monitor F5 security advisories at https://support.f5.com/csp/article/K00033413
2. Subscribe to F5 security notifications
3. Plan immediate patching upon patch availability
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع نشرات BIG-IP و BIG-IQ في بيئتك وتوثيق الإصدارات الحالية
2. قيد الوصول إلى TMOS Shell (tmsh) و iControl REST APIs على المسؤولين المصرحين فقط
3. طبق تقسيم الشبكة لتحديد الوصول إلى واجهات الإدارة
4. فعّل تسجيل التدقيق الشامل لجميع أوامر tmsh و iControl REST
5. راجع وألغِ الامتيازات الإدارية غير الضرورية
الضوابط التعويضية:
1. طبق التحكم في الوصول القائم على الأدوار (RBAC) لتحديد تنفيذ أوامر التشخيص للموظفين الأساسيين فقط
2. نشر قواعد WAF لتقييد وصول iControl REST API على نطاقات IP الموثوقة
3. راقب أنماط استخدام أوامر التشخيص المريبة
4. طبق المصادقة متعددة العوامل للوصول الإداري
5. استخدم VPN أو أجهزة bastion لجميع الوصول الإداري
قواعد الكشف:
1. تنبيهات على أوامر tmsh التشخيصية التي ينفذها حسابات غير إدارية
2. مراقبة استدعاءات iControl REST API لنقاط نهاية حالة الشبكة
3. تتبع محاولات المصادقة الفاشلة لواجهات الإدارة
4. تسجيل جميع محاولات تصعيد الامتيازات داخل BIG-IP/BIG-IQ
التصحيح:
1. راقب إشعارات أمان F5 على https://support.f5.com/csp/article/K00033413
2. اشترك في إشعارات أمان F5
3. خطط للتصحيح الفوري عند توفر التصحيح
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.9.2.1 - User access management and authentication
ECC 2024 A.9.4.3 - Password management
ECC 2024 A.8.1.1 - Information security perimeter
ECC 2024 A.8.2.3 - Segregation of networks
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management
SAMA CSF PR.AC-1 - Access Control
SAMA CSF PR.AC-4 - Access Rights Management
SAMA CSF DE.AE-1 - Anomalies and Events Detection
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access control
ISO 27001:2022 A.5.16 - Identification and authentication
ISO 27001:2022 A.8.3 - Cryptography
ISO 27001:2022 A.8.22 - Monitoring
🟣 PCI DSS v4.0.1
PCI DSS 2.1 - Default security parameters
PCI DSS 7.1 - Limit access to system components
PCI DSS 8.1 - Assign unique ID to each person
PCI DSS 10.2 - Implement automated audit trails
🔗 References & Sources 1