add CVE-2021-22986

tardc 2021-03-25 10:43:14 +08:00
parent a088f6286d
commit a4ab37e847
2 changed files with 11 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,11 @@
# CVE-2021-22986 F5 BIGIP iControl unauth RCE
F5 Big-IP, an application delivery platform for F5 Corporation, issued a security bulletin today, announcing seven security vulnerabilities related to Big-IP and Big-IQ.Among them, CVE-2021-22986 is an unauthenticated remote command execution vulnerability. Due to incomplete authentication of HTTP requests, it allows attackers to bypass permission authentication and access Big-IP REST API to execute commands by setting special HTTP headers.
**Affected version**: F5-BIGIP
**[FOFA](https://fofa.so/result?q=title%3D%22BIG-IP%22+%7C%7C+app%3D%22F5-BIGIP%22&qbase64=dGl0bGU9IkJJRy1JUCIgfHwgYXBwPSJGNS1CSUdJUCI%3D&file=&file=) query rule**: title="BIG-IP" || app="F5-BIGIP"
# Demo
![](CVE-2021-22986.gif)
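
Review bot: the "**Affected version**: F5-BIGIP" line names only the product, so a reader cannot tell which releases are vulnerable or which carry the fix; list the affected and fixed version ranges from the F5 bulletin and link the bulletin itself. In the description paragraph, "issued a security bulletin today" will go stale in a file kept in a repository, so state the bulletin date instead, and "Big-IQ.Among" is missing a space after the period. The file offers a FOFA query and a demo GIF but nothing on remediation; a short section on upgrading and on restricting access to the iControl REST interface would make the entry usable for defenders.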