
F5 BIG-IP - Remote Code Execution CVE-2021-22986

Severity (CVSSv3 Score): 9.8
Vulnerability description

F5 BIG-IP is affected by a Remote Code Execution vulnerability in the iControl REST interface, an endpoint that is publicly accessible. The root cause is that this API is exposed through the management interface and the self IP addresses. As a result, an unauthenticated remote attacker can execute arbitrary system commands on the device.

Risk description

A remote unauthenticated attacker can fully compromise the F5 BIG-IP server in order to steal confidential information, install ransomware or pivot into the internal network; because the F5 BIG-IP is typically deployed as a border device, such a compromise exposes everything behind it.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence of exploitation.

Recommendation

Upgrade the F5 BIG-IP server to the latest version, or to one of the non-vulnerable versions listed in F5 knowledge base article K03009991.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Sniper
Exploitable with Sniper: Yes
CVE Published: Mar 1, 2021
Detection added at:
Software Type: VPN gateway
Vendor: F5
Product: BIG IP