{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-42924/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.7,"id":"CVE-2026-42924"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["BIG-IP"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","snmp","f5","cve-2026-42924"],"_cs_type":"advisory","_cs_vendors":["F5 Networks"],"content_html":"\u003cp\u003eCVE-2026-42924 is a privilege escalation vulnerability in F5 BIG-IP. An authenticated attacker with either the Resource Administrator or Administrator role can exploit this flaw by crafting malicious SNMP configuration objects via iControl SOAP. Successful exploitation leads to privilege escalation within the BIG-IP system. The vulnerability is triggered due to insufficient validation or sanitization when creating SNMP configuration objects. This allows an attacker to insert malicious configurations, leading to elevated privileges. Software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the F5 BIG-IP system with Resource Administrator or Administrator privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SNMP configuration object. This object contains commands or configurations designed to escalate privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker uses iControl SOAP API to send a request to create the malicious SNMP configuration object.\u003c/li\u003e\n\u003cli\u003eThe iControl SOAP API processes the request without proper validation of the SNMP configuration object.\u003c/li\u003e\n\u003cli\u003eThe malicious SNMP configuration object is created within the BIG-IP system.\u003c/li\u003e\n\u003cli\u003eThe malicious SNMP configuration allows the attacker to execute commands with elevated privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the escalated privileges to perform unauthorized actions on the BIG-IP system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-42924 allows an attacker to gain elevated privileges on the F5 BIG-IP system. This can lead to full control of the device, potentially allowing the attacker to intercept network traffic, modify configurations, or disrupt services. The specific impact depends on the attacker\u0026rsquo;s objectives and the configuration of the BIG-IP system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patch or upgrade to a fixed version of F5 BIG-IP to address CVE-2026-42924.\u003c/li\u003e\n\u003cli\u003eMonitor iControl SOAP API requests for suspicious activity related to SNMP configuration creation (see rule \u0026ldquo;Detect Suspicious iControl SOAP SNMP Configuration Creation\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement strict access controls to limit the number of users with Resource Administrator or Administrator privileges.\u003c/li\u003e\n\u003cli\u003eAudit existing SNMP configurations for any unauthorized or malicious entries.\u003c/li\u003e\n\u003cli\u003eReview F5\u0026rsquo;s advisory K000160926 for mitigation and remediation guidance.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:26:04Z","date_published":"2026-05-13T16:26:04Z","id":"https://feed.craftedsignal.io/briefs/2026-05-f5-snmp-privesc/","summary":"CVE-2026-42924 allows an authenticated attacker with Resource Administrator or Administrator privileges to escalate privileges by creating malicious SNMP configuration objects through iControl SOAP.","title":"F5 BIG-IP CVE-2026-42924 iControl SOAP SNMP Configuration Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-f5-snmp-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-42924","version":"https://jsonfeed.org/version/1.1"}