Sunday, March 14, 2021

F5 Networks: K03009991 (CVE-2021-22986): iControl REST unauthenticated remote command execution vulnerability

rapid7 vulnerabilities In: , 
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.From K03009991:This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.
Solution(s)
  • f5-big-ip-upgrade-latest


    • References
  • https://support.f5.com/csp/article/K02566623
  • https://support.f5.com/csp/article/K03009991
  • CVE-2021-22986




    •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore