|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-17 | |
| Rule Name: | F5 BIG-IP iControl REST unauthenticated remote command execution vulnerability (CVE-2021-22986) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | F5 BIG-IP is an application delivery platform of American F5 company that integrates network traffic management, application security management, load balancing and other functions. The iControl REST interface has an unauthenticated remote command execution vulnerability (CVE-2021-22986). | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Network Device | |
| Reference: | https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986 https://vigilance.fr/vulnerability/F5-BIG-IP-code-execution-via-iControl-REST-34806 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://support.f5.com/csp/article/K03009991 |