F5:K03009991
Mar 10, 2021 - 12:00 a.m.

K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986

2021-03-10 00:00:00
my.f5.com

AI Score: 7.3 (Confidence: High)

EPSS: 0.974 (Percentile: 99.9%)

Security Advisory Description

The iControl REST interface has an unauthenticated remote command execution vulnerability. (CVE-2021-22986)

Impact

This vulnerability allows unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.

Note: If you believe your system may have been compromised, refer to K11438344: Considerations and guidance when you suspect a security compromise on a BIG-IP system.