CVE-2026-32643: Privilege Escalation in F5 BIG-IP
Plattform
linux
Komponente
bigip
Behoben in
21.0.0.2
CVE-2026-32643 is a privilege escalation vulnerability affecting F5 BIG-IP and BIG-IQ systems. A highly privileged, authenticated attacker possessing the Certificate Manager role can exploit this flaw to modify configuration objects and ultimately execute arbitrary commands. This vulnerability impacts versions 16.1.0 through 21.0.0.2, and a fix is available in version 21.0.0.2.
Auswirkungen und Angriffsszenarien
Successful exploitation of CVE-2026-32643 allows an attacker to gain elevated privileges within the BIG-IP system. This could lead to complete control over the device, enabling them to modify network configurations, intercept traffic, steal sensitive data (such as SSL certificates and private keys), and potentially pivot to other systems on the network. The ability to run arbitrary commands effectively grants the attacker root-level access, significantly expanding the blast radius of the attack. The Certificate Manager role, while privileged, is often granted to multiple administrators, increasing the potential attack surface. This vulnerability shares similarities with other privilege escalation flaws where misconfigured access controls allow for unauthorized command execution.
Ausnutzungskontext
CVE-2026-32643 was published on May 13, 2026. Severity is rated HIGH (CVSS 8.7). Currently, there are no publicly available Proof-of-Concept (POC) exploits. The vulnerability is not listed on KEV (Kernel Exploit Vulnerability) or EPSS (Exploit Prediction Scoring System), suggesting a low to medium probability of exploitation in the near term. Monitor CISA and F5 advisories for updates.
Bedrohungsanalyse
Exploit-Status
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Hoch — Administrator- oder Privilegienkonto erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Geändert — Angriff kann über die anfällige Komponente hinaus auf andere Systeme übergreifen.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Hoch — Angreifer kann beliebige Daten schreiben, ändern oder löschen.
- Availability
- Keine — kein Verfügbarkeitseinfluss.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
Mitigation und Workarounds
The primary mitigation for CVE-2026-32643 is to upgrade to F5 BIG-IP version 21.0.0.2 or later, which contains the fix. If immediate upgrade is not possible, consider implementing stricter access controls to limit the number of users with the Certificate Manager role. Review existing configurations to identify any potential misconfigurations that could be exploited. Implement a Web Application Firewall (WAF) with rules to detect and block suspicious command execution attempts. Monitor BIG-IP system logs for unusual activity, particularly commands executed by users with elevated privileges. If rollback is necessary after upgrading, ensure proper backups are restored and re-evaluate access controls.
So behebenwird übersetzt…
Actualice a una versión corregida de BIG-IP o BIG-IQ. F5 ha publicado parches para solucionar esta vulnerabilidad. Consulte la documentación de F5 para obtener instrucciones detalladas sobre cómo aplicar las actualizaciones y mitigar el riesgo.
Häufig gestellte Fragen
What is CVE-2026-32643 — Privilege Escalation in F5 BIG-IP?
CVE-2026-32643 is a vulnerability in F5 BIG-IP and BIG-IQ allowing authenticated attackers with the Certificate Manager role to execute arbitrary commands, leading to privilege escalation. It has a HIGH severity rating (CVSS 8.7) and affects versions 16.1.0–21.0.0.2.
Am I affected by CVE-2026-32643 in F5 BIG-IP?
If you are running F5 BIG-IP or BIG-IQ versions between 16.1.0 and 21.0.0.2, and have users with the Certificate Manager role, you are potentially affected. Check your version and role assignments immediately.
How do I fix CVE-2026-32643 in F5 BIG-IP?
Upgrade to F5 BIG-IP version 21.0.0.2 or later to remediate the vulnerability. If immediate upgrade is not possible, restrict access to the Certificate Manager role and monitor system logs.
Is CVE-2026-32643 being actively exploited?
As of the current assessment, there are no publicly known active exploits or campaigns targeting CVE-2026-32643. However, the vulnerability's severity warrants proactive mitigation.
Where can I find the official F5 advisory for CVE-2026-32643?
Refer to the official F5 security advisory for CVE-2026-32643 on the F5 website: [https://www.f5.com/security/center/advisory/f5-security-advisory-32643](https://www.f5.com/security/center/advisory/f5-security-advisory-32643)
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...