F5 BIG-IP
cpe:2.3:h:f5:big-ip_10050s:*:*:*:*:*:*:*
- 21.0.0
- 17.5.0
- 17.5.1
- 17.1.0
- 17.1.1
- 17.1.2
- 17.1.3
- 16.1.0
- 16.1.1
- 16.1.2
- 16.1.3
- 16.1.4
- 16.1.5
- 16.1.6
A privilege escalation vulnerability has been identified in F5 BIG-IP systems. An authenticated attacker with Resource Administrator or Administrator roles can exploit this vulnerability by modifying configuration objects through the iControl SOAP interface. This issue allows the attacker to escalate privileges or bypass restrictions in Appliance mode deployments, potentially crossing a security boundary. The vulnerability is limited to the control plane and does not affect the data plane.
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights or access restricted functions within the BIG-IP system.
Users can upgrade to BIG-IP versions 17.5.1.6, 17.1.3.2, or 21.0.0.2, all of which include the necessary fix. For more information about managing BIG-IP product hotfixes, refer to the F5 article K13123.