F5 Server iControl REST unauthenticated remote command execution vulnerability - RedSeal

F5 Server iControl REST unauthenticated remote command execution vulnerability

/by

RedSeal Cyber Threat Series

F5 has released patches for several BIG-IP and BIG-IQ critical vulnerabilities. CVE-2021-22986 is the most critical since it allows unauthenticated attackers with network access to use the iControl REST interface, via the BIG-IP management interface and self IP addresses, to execute system commands that could lead to complete system compromise. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane.

RedSeal customers should:

  1. Run a custom best practice check to receive a list of vulnerable devices
  2. Create and run daily reports until all affected systems are patched.

For additional details, contact your RedSeal sales representatives or email info@redseal.net

References:

https://support.f5.com/csp/article/K03009991

https://www.tenable.com/blog/cve-2021-22986-f5-patches-several-critical-vulnerabilities-in-big-ip-big-iq

 

Get the latest news, invites to events, and threat alerts

CONTACT US
RedSeal Japan
Distinguished Vendor badge 2025

RedSeal Given 5-Star Rating in 2021 CRN Partner Program GuideDigital transformation or digital evolution?
Footer
Connect on LinkedIn