mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-06 02:31:35 +00:00
CVE-2021-22986 F5 BIGIP iControl unauth RCE
F5 Corporation, the vendor of the BIG-IP application delivery platform, issued a security bulletin today announcing seven security vulnerabilities related to BIG-IP and BIG-IQ. Among them, CVE-2021-22986 is an unauthenticated remote command execution vulnerability. Because HTTP requests are not fully authenticated, an attacker who sets special HTTP headers can bypass permission checks and reach the BIG-IP REST API to execute commands.
Affected version: F5-BIGIP
FOFA query rule: title="BIG-IP" || app="F5-BIGIP"