On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
- http://packetstormsecurity.com/files/162059/F5-iControl-Server-Side-Request-Forgery-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/162066/F5-BIG-IP-16.0.x-Remote-Code-Execution.html
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Al1ex/CVE-2021-22986
- https://github.com/Astrogeorgeonethree/Starred
- https://github.com/DNTYO/F5_Vulnerability
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Osyanina/westone-CVE-2021-22986-scanner
- https://github.com/S1xHcL/f5_rce_poc
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SouthWind0/southwind0.github.io
- https://github.com/Tas9er/CVE-2021-22986
- https://github.com/Udyz/CVE-2021-22986-SSRF2RCE
- https://github.com/Yang0615777/PocList
- https://github.com/ZephrFish/CVE-2021-22986_Check
- https://github.com/bhassani/Recent-CVE
- https://github.com/bigblackhat/oFx
- https://github.com/dorkerdevil/CVE-2021-22986-Poc
- https://github.com/dotslashed/CVE-2021-22986
- https://github.com/gmatuz/inthewilddb
- https://github.com/huike007/penetration_poc
- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
- https://github.com/luck-ying/Library-POC
- https://github.com/n1sh1th/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/papa-anniekey/CustomSignatures
- https://github.com/r0eXpeR/supplier
- https://github.com/s-ribeiro/Modsecurity-Rules
- https://github.com/safesword/F5_RCE
- https://github.com/saucer-man/exploit
- https://github.com/superfish9/pt
- https://github.com/takeboy/https-github.com-taomujian-linbing
- https://github.com/taomujian/linbing
- https://github.com/tzwlhack/Vulnerability
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/yaunsky/CVE-202122986-EXP
- https://github.com/zmylml/yangzifun