Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-22986
CVE-2021-22986:
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation
Overview
CVE-2021-22986 is a critical unauthenticated remote command execution vulnerability affecting the iControl REST interface in F5's BIG-IP and BIG-IQ platforms. The vulnerability was discovered and disclosed in March 2021, impacting BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, as well as BIG-IQ versions 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2 (NVD, CISA Alert).
Technical details
The vulnerability received a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating its severe nature. The flaw exists in the iControl REST interface and appears to involve an authentication bypass or Server-Side Request Forgery (SSRF) vulnerability that can lead to remote command execution. The vulnerability is particularly dangerous as it requires no authentication and can be exploited remotely (NVD).
Impact
Successful exploitation of CVE-2021-22986 could allow an unauthenticated attacker to execute arbitrary system commands, potentially leading to complete system compromise. The vulnerability provides attackers with the ability to take full control of affected systems, making it particularly dangerous for organizations using vulnerable F5 BIG-IP and BIG-IQ devices (Hacker News).
Mitigation and workarounds
F5 has released patches to address this vulnerability in the following versions: BIG-IP versions 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, and BIG-IQ versions 8.0.0, 7.1.0.3, and 7.0.0.2. Organizations are strongly advised to update their BIG-IP and BIG-IQ deployments to a fixed version as soon as possible (Hacker News).
Community reactions
Security researchers and industry experts emphasized the severity of this vulnerability. Matt 'Pwn all the Things' Tait noted that 'This bug is probably going to fly under the radar, but this is a much bigger deal than it looks because it says something is really really broken in the internal security process of F5 BIG-IP devices' (Hacker News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management