Lucene search
K

5 matches found

0day.today
0day.today
added 2021/04/02 12:0 a.m.94 views

F5 iControl Server-Side Request Forgery / Remote Command Execution Exploit

This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device. This module requires...

10CVSS0.6AI score0.99898EPSS
Exploits20
Metasploit
Metasploit
added 2021/04/01 5:42 p.m.136 views

F5 iControl REST Unauthenticated SSRF Token Generation RCE

This module exploits a pre-auth SSRF in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device. This vulnerability is known as CVE-2021-22986. CVE-2021-22986 affects the following...

10CVSS9.7AI score0.99898EPSS
Exploits20
Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.717 views

F5 iControl Server-Side Request Forgery / Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 iControl REST Unauthenticated SSRF Token Generation RCE', 'Description' = %q This module exploits a pre-auth SSRF in the F5 iControl REST API'...

0.5AI score0.99898EPSS
Exploits20
Packet Storm
Packet Storm
added 2014/10/08 12:0 a.m.56 views

F5 iControl Remote Root Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "F5 iControl Remote Root Command Execution", 'Description' = %q This module exploits an authenticated remote command execution...

7.1CVSS0.2AI score0.3905EPSS
Exploits8
Packet Storm
Packet Storm
added 2014/05/07 12:0 a.m.47 views

F5 iControl Remote Command Execution

Hi, Linked below is an advisory regarding remote command execution as root, possibly vulnerabilities within the iControl API: http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html An example request that will set the hostname to 'root.example.com': whoami.example.com This was...

7.1CVSS0.3AI score0.3905EPSS
Exploits8
Rows per page
Query Builder