CVE-2021-22986

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 16.0.x through 16.0.1.1 F5 BIG-IP versions 15.1.x through 15.1.2.1 F5 BIG-IP versions 14.1.x through 14.1.4 F5 BIG-IP versions 13.1.x through 13.1.3.6 F5 BIG-IP versions 12.1.x through 12.1.5.3 F5 BIG-IQ versions 7.1.0.x through 7.1.0.3 F5 BIG-IQ versions 7.0.0.x through 7.0.0.2

Description The iControl REST interface has an unauthenticated remote command execution issue. This allows attackers with network access to the iControl REST interface through the BIG-IP management interface to execute arbitrary system commands, create or delete files, and disable services. The vulnerability can lead to complete system compromise. The BIG-IP system in Appliance mode is also affected.

Recommendations F5 BIG-IP versions 16.0.x through 16.0.1.1: Update to version 16.0.1.1 or later. F5 BIG-IP versions 15.1.x through 15.1.2.1: Update to version 15.1.2.1 or later. F5 BIG-IP versions 14.1.x through 14.1.4: Update to version 14.1.4 or later. F5 BIG-IP versions 13.1.x through 13.1.3.6: Update to version 13.1.3.6 or later. F5 BIG-IP versions 12.1.x through 12.1.5.3: Update to version 12.1.5.3 or later. F5 BIG-IQ versions 7.1.0.x through 7.1.0.3: Update to version 7.1.0.3 or later. F5 BIG-IQ versions 7.0.0.x through 7.0.0.2: Update to version 7.0.0.2 or later.