CVE-2026-40698: Privilege Escalation in F5 BIG-IP

The impact of CVE-2026-40698 is significant due to the potential for privilege escalation. An attacker who can successfully exploit this vulnerability can gain control over the BIG-IP or BIG-IQ system, effectively bypassing existing security controls. This could allow them to modify configurations, access sensitive data (such as user credentials, network traffic logs, and application data), and potentially pivot to other systems within the network. The ability to create SNMP configuration objects provides a flexible attack vector, allowing attackers to tailor their actions to achieve specific objectives. Successful exploitation could lead to a complete compromise of the affected system and its associated data, similar to scenarios where attackers leverage misconfigured administrative interfaces to gain control.

1. 已保留2026-04-30
2. 发布日期2026-05-13

The primary mitigation for CVE-2026-40698 is to upgrade to F5 BIG-IP or BIG-IQ version 21.0.0.2 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. Restricting access to iControl REST and the TMOS shell (tmsh) to only authorized personnel can reduce the attack surface. Review and audit existing SNMP configurations to identify and remove any suspicious or unauthorized objects. Implement strict role-based access controls to limit the number of users with the Resource Administrator role. Monitor iControl REST and tmsh activity for any unusual or unauthorized configuration changes. After upgrading, verify the fix by attempting to create an SNMP configuration object with a non-administrative user account; the attempt should be rejected.