CVE-2021-22986

Description

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-22986
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-22986
dorkerdevil

This is a Poc for BIGIP iControl unauth RCE

Reference: GitHub

S1xHcL

cve-2021-22986 f5 rce vulnerability batch detection poc

Reference: GitHub

Osyanina

A vulnerability scanner that detects CVE-2021-22986 vulnerabilities.

Reference: GitHub

Udyz

F5 BIG-IP/BIG-IQ iControl Rest API SSRF to RCE

Reference: GitHub

safesword

CVE-2021-22986 F5 BIG-IP iControl command execution vulnerability

Reference: GitHub

Al1ex

CVE-2021-22986 & F5 BIG-IP RCE

Reference: GitHub

kiri-48

Reference: GitHub

ZephrFish

CVE-2021-22986 Checker Script in Python3

Reference: GitHub

yaunsky

F5 BIG-IP remote code execution; cve-2021-22986, batch detection; command execution exploitation

Reference: GitHub

Tas9er

Code By: Tas9er / F5 BIG-IP remote command execution vulnerability

Reference: GitHub

dotslashed

Reference: GitHub

DDestinys

BIGIP F5

Reference: GitHub

west9b

CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC collection

Reference: GitHub

amitlttwo

Reference: GitHub

huydung26

Custom POC of CVE-2021-22986 by Al1ex@Heptagram

Reference: GitHub

Content on GitHub

1n7erface | watchers:1081

PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE

Reference: GitHub