Description
When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-05-13
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in an undisclosed TMOS Shell (tmsh) command within BIG‑IP DNS and allows a highly privileged authenticated attacker to view sensitive information. This flaw is a confidentiality breach based on CWE‑312, which denotes insecure handling of inputs. The impact is that an attacker can read data that should remain restricted to authorized administrators, potentially exposing configuration or operational details that could be leveraged for further attacks.

Affected Systems

F5 BIG‑IP systems that have the DNS feature provisioned are affected. Specific product naming is limited to the vendor’s BIG‑IP platform, and no particular software version is listed; end‑of‑technical‑support versions are explicitly excluded from the assessment but are not detailed here.

Risk and Exploitability

The CVSS score of 6.7 indicates a medium severity impact primarily affecting confidentiality. The EPSS score is not available, and the vulnerability is not present in the CISA KEV catalog, suggesting no widely known exploits at this time. The attack requires authenticated access with elevated privileges, so the risk is contingent on privilege escalation or existing access. Given the lack of public exploitation evidence, the immediate threat is moderate, but the sensitive nature of the disclosed information warrants timely action.

Generated by OpenCVE AI on May 13, 2026 at 17:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure the BIG‑IP firmware is updated to the latest version provided by F5 and apply any patches addressing the TMOS Shell command flaw
  • Restrict access to the tmsh interface to trusted administrative networks and enforce strict authentication and least‑privilege policies
  • Audit configuration changes and monitor tmsh logs for unusual or unauthorized command usage to detect potential exploitation attempts

Generated by OpenCVE AI on May 13, 2026 at 17:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 big-ip
Vendors & Products F5
F5 big-ip

Wed, 13 May 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title BIG-IP DNS tmsh vulnerability
Weaknesses CWE-312
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

F5 Big-ip
cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2026-05-13T16:15:52.300Z

Reserved: 2026-04-30T23:02:47.652Z

Link: CVE-2026-42408

cve-icon Vulnrichment

Updated: 2026-05-13T16:15:46.757Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:47.647

Modified: 2026-05-13T16:27:11.127

Link: CVE-2026-42408

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T17:30:06Z

Weaknesses