CVE-2021-22986

CWE-918Server-Side Request Forgery (SSRF)12 documents11 sources
9.8
CVSS
CRITICAL
EPSS94.5%(100th)
CISA KEVPublic ExploitExploited in WildRansomware Use
CISA Required Action: Apply updates per vendor instructions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages15 packages

NVDf5/big-ip_analytics12.1.012.1.5.3+4
NVDf5/ssl_orchestrator12.1.012.1.5.3+4
NVDf5/big-ip_link_controller12.1.012.1.5.3+4
NVDf5/big-ip_domain_name_system12.1.012.1.5.3+4
NVDf5/big-ip_ddos_hybrid_defender12.1.012.1.5.3+4
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
NVDMITRE

🔴Vulnerability Details

3
GHSA
GHSA-8489-vwcj-fxfr: On BIG-IP versions 162022-05-24
CVEList
CVE-2021-22986: On BIG-IP versions 162021-03-31
VulnCheck
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability2021

💥Exploits & PoCs

3
Exploit-DB
F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)2021-04-02
Metasploit
F5 iControl REST Unauthenticated SSRF Token Generation RCE
Nuclei
F5 iControl REST - Remote Command Execution

🔍Detection Rules

2
Suricata
ET EXPLOIT [NCC/FOX-IT] Possible F5 BIG-IP/BIG-IQ iControl REST RCE Attempt (CVE-2021-22986)2021-03-19
Suricata
ET EXPLOIT F5 BIG-IP iControl REST Unauthenticated RCE Inbound (CVE-2021-22986)2021-03-17

📋Vendor Advisories

2
CISA
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability2021-11-03
F5
CVE-2021-22986: On BIG-IP versions 162021-03-31

🕵️Threat Intelligence

1
Unit42
Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report2022-07-21