10
CVSSv2

CVE-2021-22986

Published: 31/03/2021 Updated: 05/04/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

On BIG-IP versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.2.1, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.3.6, and 12.1.x prior to 12.1.5.3 amd BIG-IQ 7.1.0.x prior to 7.1.0.3 and 7.0.0.x prior to 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

f5 big-ip access policy manager

f5 big-ip advanced firewall manager

f5 big-ip advanced web application firewall

f5 big-ip analytics

f5 big-ip application acceleration manager

f5 big-ip application security manager

f5 big-ip ddos hybrid defender

f5 big-ip domain name system

f5 big-ip fraud protection service

f5 big-ip global traffic manager

f5 big-ip link controller

f5 big-ip local traffic manager

f5 big-ip policy enforcement manager

f5 big-iq centralized management

f5 ssl orchestrator

Mailing Lists

This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device ...
F5 BIG-IP version 160x suffers from an iControl REST remote code execution vulnerability ...

Github Repositories

CVE-2021-22986-Poc This is a Poc for BIGIP iControl unauth RCE POC :~ curl -ksu admin:[redacted] 192168123134/mgmt/tm/access/bundle-install-tasks -d '{"filePath":"id"}' | jq curl -ksu : 192168123134/mgmt/shared/authn/login -d '{"bigipAuthCookie":"","loginReference":{"link":"h

westone-CVE-2021-22986-scanner

使用 python3 f5_rcepy -u 指定目标URL -f 批量检测文件 -c 执行命令 效果如下所示: PS:输出不够美感,我会修改的 后续 正则匹配,美化输出 更新其他poc利用方式 引用 poc地址 脚本小子是如何复现漏洞(CVE-2021-22986)并实现批量利用

F5 BIG-IP 远程命令执行漏洞(CVE-2021-22986) 漏洞影响 F5 BIG-IP 16x: 16103 F5 BIG-IP 15x: 15104 F5 BIG-IP 14x: 14126 F5 BIG-IP 13x: 13134 F5 BIG-IP 12x: 12152 F5 BIG-IP 11x: 11652 fofa icon_hash="-335242539" POC POST /mgmt/tm/util/bash HTTP/11 Host: xxxxxxxxxxxx:8443 Connection: close Content-Length: 41 Cache-Control: max-age=

放自己写的漏洞poc&exp 2021/3/22 F5 BIG-IP REC(CVE-2021-22986)poc&exp

CVE-2021-22986 F5 BIG-IP/BIG-IQ iControl Rest API SSRF to RCE i will public soon!!!

临兵漏洞扫描系统 本系统是对目标进行漏洞扫描的一个系统,前端采用vue技术,后端采用flask核心原理是扫描主机的开放端口情况,然后根据端口情况逐个去进行poc检测,poc有110多个,包含绝大部分的中间件漏洞,本系统的poc皆来源于网络或在此基础上进行修改 修改加密key 存储到mysql中的数据

CVE-2021-22986_Check CVE-2021-22986 Checker Script in Python3 How to Use: python3 checkerpy -u url Output: HOST IS NOT VULNERABLE: ______ _____ _____ _ _ _ | ____| ____| / ____| | | (_) | | |__ | |__ | (___ _ __ | | ___ _| |_ | __| |___ \ \___ \| '_ \| |/ _ \| | __| | | ___) | ____) | |_) | | (_) | | |_ |_| |____/ |_

CVE-2021-22986 F5 BIG-IP/BIG-IQ iControl Rest API SSRF to RCE Usage: python CVE-2021-22986py <127001:443>

CVE-2021-22986 This is a simple script to determine whether an IP is vulnerable to this CVE from a mass ip addresses For finding mass ip addresses use shodan or zoomeye cli Save all the ips in a file name here "testipstxt"

使用 python3 f5_rcepy -u 指定目标URL -f 批量检测文件 -c 执行命令 效果如下所示: PS:输出不够美感,我会修改的 问题 该poc目前只能支持部分命令,执行history , ls 等失败,原因未知 后续 更新:修改部分命令执行异常情况 正则匹配,美化输出 更新其他poc利用方式 引用 poc地址 脚本小

漏洞情报收集 MySQL客户端jdbc反序列化漏洞 CVE-2021-22986 XStream多个高危漏洞 sudo本地权限提升漏洞(CVE-2021-3156) 深信服SSL-VPN代码注入 微软2021年3月补丁日漏洞通告 VMware多个高危漏洞通告 SAP Solution Manager EemAdmin 远程代码执行漏洞(CVE-2020-6207) JumpServer 远程命令执行漏洞 资产收集 资产收集-

HW漏洞情报 HW漏洞情报4月8号 漏洞情报收集 MySQL客户端jdbc反序列化漏洞 CVE-2021-22986 XStream多个高危漏洞 sudo本地权限提升漏洞(CVE-2021-3156) 深信服SSL-VPN代码注入 微软2021年3月补丁日漏洞通告 VMware多个高危漏洞通告 SAP Solution Manager EemAdmin 远程代码执行漏洞(CVE-2020-6207) JumpServer 远程命令

F5の脆弱性情報 CVE-2021-22986 CVE-2021-22987 CVE-2021-22991 CVE-2021-22992 CVE-2021-22988 CVE-2021-22989 CVE-2021-22993 CVE-2021-22994 CVE-2021-22995 CVE-2021-22996 CVE-2021-22997 CVE-2021-22990 CVE-2021-22998 CVE-2021-22999 CVE-2021-23000 CVE-2021-23001 CVE-2021-23002 CVE-2021-23003 CVE-2021-23004 CVE-2021-23005 CVE-2021-23006

Recent Articles

Critical F5 BIG-IP Flaw Now Under Active Attack
Threatpost • Lindsey O'Donnell • 19 Mar 2021

Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated.
The unauthenticated remote command execution flaw (CVE-2021-22986) exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full control over a vulnerable system.
Earlier in March, F5 issued a patch for the flaw, which has a CVSS rating of 9.8 and exists in the iControl REST interface. After the patch was issued, several...

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
Threatpost • Elizabeth Montalbano • 11 Mar 2021

F5 Networks is warning users to patch four critical remote command execution (RCE) flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. If exploited, the flaws could allow attackers to take full control over a vulnerable system.
The company released an advisory, Wednesday, on seven bugs in total, with two others rated as high risk and one rated as medium risk, respectively. “We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version a...

The Register

Security and automation vendor F5 has warned of seven patch-ASAP-grade vulnerabilities in its Big-IP network security and traffic-grooming products, plus another 14 vulns worth fixing.
An advisory dated today lists seven CVEs, four rated critical.
Most of the bugs concern TMUI – the Traffic Management User Interface that users work with to drive F5 products – and they can be exploited to achieve remote code execution, denial of service attacks, or complete device takeovers; somet...

F5 urges customers to patch critical BIG-IP pre-auth RCE bug
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.
F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that "48 of the Fortune 50 rely on F5."
The four critical vulnerabilities listed below also i...