1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2021-22986 Mappings

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-22986 F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability secondary_impact T1485 Data Destruction
Comments
CVE-2021-22986 is a remote command execution vulnerability occurring on the iControl REST interface. Impact reported by the F5 security advisory "This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. "
References
  1. https://www.cpomagazine.com/cyber-security/massive-cyber-attacks-target-f5-big-ip-critical-vulnerabilities-after-firm-releases-updates/
  2. https://arstechnica.com/gadgets/2021/03/to-security-pros-dread-another-critical-server-vulnerability-is-under-exploit/
  3. https://my.f5.com/manage/s/article/K03009991
CVE-2021-22986 F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-22986 is a remote command execution vulnerability occurring on the iControl REST interface. Impact reported by the F5 security advisory "This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. "
References
  1. https://www.cpomagazine.com/cyber-security/massive-cyber-attacks-target-f5-big-ip-critical-vulnerabilities-after-firm-releases-updates/
  2. https://arstechnica.com/gadgets/2021/03/to-security-pros-dread-another-critical-server-vulnerability-is-under-exploit/
  3. https://my.f5.com/manage/s/article/K03009991
CVE-2021-22986 F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2021-22986 is a remote command execution vulnerability occurring on the iControl REST interface. Impact reported by the F5 security advisory "This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. "
References
  1. https://www.cpomagazine.com/cyber-security/massive-cyber-attacks-target-f5-big-ip-critical-vulnerabilities-after-firm-releases-updates/
  2. https://arstechnica.com/gadgets/2021/03/to-security-pros-dread-another-critical-server-vulnerability-is-under-exploit/
  3. https://my.f5.com/manage/s/article/K03009991
CVE-2021-22986 F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability primary_impact T1090 Proxy
Comments
The iControl REST interface has an unauthenticated remote command execution vulnerability. This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services.
References
  1. https://github.com/Al1ex/CVE-2021-22986
  2. https://www.jpcert.or.jp/english/at/2021/at210014.html
  3. https://my.f5.com/manage/s/article/K03009991
CVE-2021-22986 F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability exploitation_technique T1133 External Remote Services
Comments
The iControl REST interface has an unauthenticated remote command execution vulnerability. This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services.
References
  1. https://github.com/Al1ex/CVE-2021-22986
  2. https://www.jpcert.or.jp/english/at/2021/at210014.html
  3. https://my.f5.com/manage/s/article/K03009991