CVE-2026-32673
F5 · BIG-IP
A vulnerability in F5 BIG-IP scripted monitors allows authenticated users with administrative privileges to execute arbitrary system commands with elevated permissions.
Executive summary
An authenticated privilege escalation vulnerability in F5 BIG-IP scripted monitors poses a significant risk of unauthorized system command execution.
Vulnerability
The flaw relates to improper privilege management (CWE-250) within BIG-IP scripted monitors. An attacker who has already gained authenticated access as a Resource Administrator or Administrator can leverage this flaw to execute arbitrary commands with higher system privileges.
Business impact
Successful exploitation allows an already-privileged user to gain full control over the underlying operating system of the BIG-IP device. Given the CVSS score of 8.7, this represents a high-severity risk to infrastructure integrity, as it facilitates lateral movement, data exfiltration, or complete system compromise.
Remediation
Immediate Action: Upgrade to version 21.1.0 or later as recommended by the vendor.
Proactive Monitoring: Review administrative audit logs for unusual command execution patterns or unauthorized modifications to monitor scripts.
Compensating Controls: Restrict administrative access to the BIG-IP management interface to known, trusted management subnets and enforce multi-factor authentication (MFA).
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
The severity of this vulnerability necessitates immediate patching. Organizations should prioritize updating their F5 BIG-IP appliances to the fixed versions provided by the vendor to prevent privileged users from escalating their access to full system control.