F5 BIG-IP DNS iControl REST and tmsh Command Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A vulnerability exists in BIG-IP DNS when the DNS module is provisioned: an authenticated attacker holding the Resource Administrator or Administrator role can execute arbitrary system commands with elevated privileges through an undisclosed iControl REST endpoint and BIG-IP TMOS Shell (tmsh) command. In Appliance mode deployments, where administrative roles are not meant to reach the underlying operating system, exploitation lets the attacker cross that security boundary. The issue is classified as command injection.

Impact

Exploitation lets an authenticated attacker with one of those roles run arbitrary commands with higher privileges than the role is meant to grant. In Appliance mode deployments this crosses a security boundary; in standard deployments the attacker still gains elevated command execution, but it stays within the level of system access those roles already hold, so no boundary is crossed.

Remediation

Upgrade to a release that contains the fix: 21.0.0.1, 17.5.1.4 or 17.1.3.1, depending on which branch you are running. Confirm the running version with `tmsh show sys version` (or GET /mgmt/tm/sys/version), and note that the issue only applies where the DNS module is provisioned (`tmsh list sys provision gtm`; DNS is the gtm module in tmsh). For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.
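The following triage helper is an added example, not F5 code and not part of the original advisory. It takes the two facts the remediation paragraph turns on, the running version and whether the DNS (gtm) module is provisioned, and decides whether a host still needs the upgrade. The sample REST document and tmsh output are constructed for the example (shaped like GET /mgmt/tm/sys/version and `tmsh list sys provision gtm`). The mapping of version branch to fixed release is an assumption: the page names three fixed versions but does not say which upgrade path applies to which installed release, nor which releases are affected, so versions on other branches are reported as unknown rather than guessed.

```python
import json
import re

# Fixed releases named in the advisory, keyed by branch (first two version
# components). ASSUMPTION for this example: each fixed release applies to the
# branch it sits on; the advisory itself does not spell out the mapping.
FIXED_BY_BRANCH = {
    (17, 1): (17, 1, 3, 1),
    (17, 5): (17, 5, 1, 4),
    (21, 0): (21, 0, 0, 1),
}


def parse_version(text):
    """Turn a BIG-IP version string such as '17.1.2.1' into a 4-tuple of ints.

    A build suffix ('17.1.2.1-0.0.5') is dropped and missing trailing
    components are padded with zeros, so '16.1.5' compares as 16.1.5.0."""
    core = text.strip().split("-", 1)[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (4 - len(parts))


def version_from_rest(payload):
    """Pull the running version out of the JSON returned by
    GET /mgmt/tm/sys/version: a stats-style document with a single
    'entries' item whose nestedStats carry Version/Build/Edition."""
    entry = next(iter(payload["entries"].values()))
    return entry["nestedStats"]["entries"]["Version"]["description"]


def provision_level_from_tmsh(text):
    """Read the 'level' value from `tmsh list sys provision gtm` output.
    'none' means the DNS module is not provisioned."""
    m = re.search(r"^\s*level\s+(\S+)", text, re.MULTILINE)
    return m.group(1) if m else "none"


def triage(version, dns_level):
    """Classify a host against the advisory.

    The bug is reachable only when DNS is provisioned, so level 'none'
    short-circuits regardless of version. 'below-fix' means the running
    release is older than the fixed release on its branch; the advisory
    does not enumerate affected versions, so treat it as needing review."""
    if dns_level == "none":
        return "not-provisioned"
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return "unknown-branch"
    return "fixed" if v >= fixed else "below-fix"


# Constructed sample data for this example (not captured from a real device).
SAMPLE_REST = {
    "kind": "tm:sys:version:versionstats",
    "entries": {
        "https://localhost/mgmt/tm/sys/version/0": {
            "nestedStats": {
                "entries": {
                    "Build": {"description": "0.0.5"},
                    "Edition": {"description": "Point Release 2"},
                    "Version": {"description": "17.1.2.1"},
                }
            }
        }
    },
}

SAMPLE_TMSH = """sys provision gtm {
    level nominal
}
"""

if __name__ == "__main__":
    ver = version_from_rest(SAMPLE_REST)
    level = provision_level_from_tmsh(SAMPLE_TMSH)
    print(json.dumps({"version": ver, "gtm_level": level,
                      "status": triage(ver, level)}))
```

Feed it the output of the two commands from the remediation paragraph (or the REST responses from the same endpoints) for each device in a fleet; anything reported as `below-fix` or `unknown-branch` with DNS provisioned is the set to schedule for upgrade or to check against the full F5 advisory.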

Added: May 13, 2026, 8:06 PM
Updated: May 13, 2026, 8:06 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 5.0
remediation: 8.3
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.