CVE-2021-22986
Description
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Severity: CRITICAL
CVE ID: CVE-2021-22986
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-22986
Reference: Project Discovery GitHub
dorkerdevil
This is a PoC for BIGIP iControl unauth RCE
Reference: GitHub
S1xHcL
cve-2021-22986 f5 rce vulnerability batch detection poc
Reference: GitHub
Osyanina
A vulnerability scanner that detects CVE-2021-22986 vulnerabilities.
Reference: GitHub
Udyz
F5 BIG-IP/BIG-IQ iControl Rest API SSRF to RCE
Reference: GitHub
safesword
CVE-2021-22986 F5 BIG-IP iControl command execution vulnerability
Reference: GitHub
Al1ex
CVE-2021-22986 & F5 BIG-IP RCE
Reference: GitHub
kiri-48
Reference: GitHub
ZephrFish
CVE-2021-22986 Checker Script in Python3
Reference: GitHub
yaunsky
F5 BIG-IP remote code execution; cve-2021-22986, batch detection; command execution exploitation
Reference: GitHub
Tas9er
Code By: Tas9er / F5 BIG-IP remote command execution vulnerability
Reference: GitHub
dotslashed
Reference: GitHub
DDestinys
BIGIP F5
Reference: GitHub
west9b
CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC collection
Reference: GitHub
amitlttwo
Reference: GitHub
huydung26
Custom POC of CVE-2021-22986 by Al1ex@Heptagram
Reference: GitHub
Content on GitHub
1n7erface | watchers:1081
PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
Reference: GitHub