Vulnerabilities ›

CVE-2026-42924

High

CWE-78 — Weakness Type

                    Published: May 13, 2026                      ·  Modified: May 20, 2026                      ·  Source: NVD                

CVSS v3

8.7

🔗 NVD Official

📄 Description (English)

An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🤖 AI Executive Summary

CVE-2026-42924 is a high-severity privilege escalation vulnerability (CVSS 8.7) affecting F5 BIG-IP systems through SNMP configuration manipulation via iControl SOAP. Authenticated users with Resource Administrator or Administrator roles can exploit this to escalate privileges. With no patch currently available and no public exploits, organizations must implement immediate compensating controls and monitoring.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 19, 2026 21:16

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi critical infrastructure sectors: Banking (SAMA-regulated institutions using F5 for load balancing and security), Government (NCA, NCSC infrastructure), Energy (ARAMCO and downstream operators), Telecommunications (STC, Mobily, Zain), and Healthcare (MOH systems). F5 BIG-IP is widely deployed in Saudi Arabia for API gateways, DDoS protection, and application delivery. Privilege escalation could lead to unauthorized access to sensitive financial data, operational technology systems, and national security infrastructure.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Energy and Utilities Telecommunications Healthcare Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1078 - Valid Accounts T1548 - Abuse Elevation Control Mechanism T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control T1021.001 - Remote Services: Remote Service Session Initiation T1021.006 - Remote Services: Windows Remote Management T1059 - Command and Scripting Interpreter T1087 - Account Discovery

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all F5 BIG-IP deployments and document current versions and SNMP configurations

2. Restrict iControl SOAP access to trusted administrative networks only using firewall rules

3. Disable SNMP if not operationally required; if required, restrict to read-only access

4. Review and audit all users with Resource Administrator and Administrator roles

5. Enable detailed logging for iControl SOAP API calls and SNMP configuration changes



Compensating Controls:

6. Implement network segmentation to isolate BIG-IP management interfaces

7. Deploy WAF rules to monitor and block suspicious iControl SOAP requests

8. Enforce multi-factor authentication for all administrative access

9. Monitor for unauthorized SNMP object creation using SIEM correlation rules



Detection Rules:

- Alert on SNMP configuration object creation via iControl SOAP API

- Monitor for privilege escalation attempts in BIG-IP audit logs

- Track failed and successful authentication to iControl interfaces

- Flag any SNMP SET operations from non-standard sources

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع نشرات F5 BIG-IP وتوثيق الإصدارات الحالية وتكوينات SNMP

2. تقييد وصول iControl SOAP إلى شبكات إدارية موثوقة فقط باستخدام قواعد جدار الحماية

3. تعطيل SNMP إذا لم يكن مطلوباً تشغيلياً؛ إذا لزم الأمر، قصر على وصول القراءة فقط

4. مراجعة وتدقيق جميع المستخدمين الذين لديهم أدوار مسؤول الموارد والمسؤول

5. تفعيل السجلات التفصيلية لاستدعاءات iControl SOAP API وتغييرات تكوين SNMP



الضوابط التعويضية:

6. تنفيذ تقسيم الشبكة لعزل واجهات إدارة BIG-IP

7. نشر قواعد WAF لمراقبة وحظر طلبات iControl SOAP المريبة

8. فرض المصادقة متعددة العوامل لجميع الوصول الإداري

9. مراقبة إنشاء كائنات SNMP غير المصرح بها باستخدام قواعد ارتباط SIEM



قواعد الكشف:

- تنبيه عند إنشاء كائن تكوين SNMP عبر iControl SOAP API

- مراقبة محاولات تصعيد الامتيازات في سجلات تدقيق BIG-IP

- تتبع المصادقة الفاشلة والناجحة لواجهات iControl

- وضع علامة على أي عمليات SNMP SET من مصادر غير قياسية

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.9.2.1 - User access management and authentication ECC 2024 A.9.4.3 - Password management and access control ECC 2024 A.12.4.1 - Event logging and monitoring ECC 2024 A.14.2.1 - Secure development and change management

🔵 SAMA CSF

SAMA CSF ID.AM-1 - Asset Management SAMA CSF PR.AC-1 - Access Control SAMA CSF PR.AC-4 - Access Rights Management SAMA CSF DE.AE-1 - Anomalies and Events Detection SAMA CSF DE.CM-1 - System Monitoring

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Access Control ISO 27001:2022 A.8.3 - Cryptography ISO 27001:2022 A.8.22 - Monitoring ISO 27001:2022 A.8.23 - Administrator and Operator Logging

🟣 PCI DSS v4.0.1

PCI DSS 2.1 - Default security parameters PCI DSS 7.1 - Access Control Implementation PCI DSS 8.1 - User Identification and Authentication PCI DSS 10.2 - User Access Logging

🔗 References & Sources 1

🔗

https://my.f5.com/manage/s/article/K000160926

f5sirt@f5.com

📊 CVSS Score

8.7

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score8.7

CWECWE-78

EPSS0.07%

Exploit No

Patch ✗ No

Published 2026-05-13

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-78

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-42924

Introduce Yourself

Sign In Required