F5.iControl.REST.Interface.Remote.Command.Execution
Description
This indicates an attack attempt to exploit a Code Injection Vulnerability in F5 iControl REST interface.
The vulnerability is due to an insufficient input validation error when the vulnerable module handles a crafted HTTP request. A remote attacker could exploit this to execute arbitrary code within the context of target application, via a crafted HTTP request.
Outbreak Alert
The 2 most critical vulnerabilities allow a remote attacker with access to the user interface (or REST API via the user interface) to gain full control of the system and execute arbitrary system commands, create or delete files, and disable services. The most critical is unauthenticated. Exploitation can lead to complete system compromise. The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged companies using BIG-IP and BIG-IQ to fix the critical F5 flaws.
Affected Products
BIG-IP 16.0.0 - 16.0.1
BIG-IP 15.1.0 - 15.1.2
BIG-IP 14.1.0 - 14.1.3
BIG-IP 13.1.0 - 13.1.3
BIG-IP 12.1.0 - 12.1.5
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.f5.com/csp/article/K03009991
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-04-26 | 18.066 | Sig Added |
2021-04-19 | 18.061 | Sig Added |
2021-04-06 | 18.052 | Sig Added |
2021-03-31 | 18.049 | Default_action:pass:drop |
2021-03-23 | 18.044 |