F5 iControl REST unauthenticated remote command execution vulnerability
Description
The F5 BIG-IP iControl REST interface contains a critical unauthenticated remote command execution vulnerability (CVE-2021-22986). An attacker who can reach the iControl REST API, either through the BIG-IP management interface or through a self IP address, can send crafted requests that execute arbitrary commands without first authenticating. The flaw is exploitable only through the control plane, not the data plane, and running the system in Appliance mode does not prevent exploitation. Successful exploitation results in complete compromise of the affected system.
Remediation
Upgrade to a fixed version listed in F5 Security Advisory K03009991 as soon as possible. Affected branches and their minimum fixed releases are BIG-IP 16.x (upgrade to 16.0.1.1 or later), 15.x (15.1.2.1 or later), 14.x (14.1.4 or later), 13.x (13.1.3.6 or later), and 12.x (12.1.5.3 or later). Until the upgrade is applied, reduce exposure by blocking iControl REST access: restrict the management interface to trusted management networks with firewall rules (or the system's management-port access list) and set the Port Lockdown of each self IP to Allow None, or at least exclude TCP port 443, so that the API is not reachable through the data plane. Confirm that neither the management interface nor any self IP is reachable from the internet. These restrictions limit who can reach the vulnerable endpoint but do not remove the flaw, so they are not a substitute for the upgrade. Review the iControl REST audit log and the httpd access log for requests to /mgmt/ endpoints from addresses outside the management allowlist, for failed authentication attempts, and for calls to command-execution endpoints such as /mgmt/tm/util/bash. Because exploitation yields full system control, a device that was exposed while vulnerable should be treated as potentially compromised and examined before it is returned to service.
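The following Python script is an added example, not part of the advisory and not F5's own tooling. It does two things a practitioner would want from the remediation text: it decides whether a given BIG-IP version string falls below the fixed release for its branch (using only the version table above), and it scans access-log lines for iControl REST requests under /mgmt/ that come from outside a trusted management network or that target the command-execution endpoint /mgmt/tm/util/bash. The sample log lines are constructed in Apache common log format; the trusted network and the exact log format on a real BIG-IP are assumptions to adjust for your environment.

```python
import ipaddress
import re
from typing import Optional

# Minimum fixed release per branch, taken from the remediation text above
# (F5 Security Advisory K03009991). Branches not listed are out of scope here.
FIXED_VERSIONS = {
    16: (16, 0, 1, 1),
    15: (15, 1, 2, 1),
    14: (14, 1, 4),
    13: (13, 1, 3, 6),
    12: (12, 1, 5, 3),
}


def parse_version(version: str) -> tuple:
    """Turn a dotted BIG-IP version such as '15.1.2' into a tuple of ints."""
    return tuple(int(part) for part in version.strip().split("."))


def needs_upgrade(version: str) -> Optional[bool]:
    """True if the version is below the fixed release for its branch,
    False if it is at or above it, None if the branch is not in the table."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return None
    # Tuples compare element-wise, so (16, 0, 1) < (16, 0, 1, 1) and
    # (16, 1, 0) > (16, 0, 1, 1), which is exactly the ordering we need.
    return parsed < fixed


# Assumed allowlist: the only networks from which management-plane access
# is expected. Replace with your management networks.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# iControl REST endpoints that run commands on the device. Any call to these
# deserves review; a call from an untrusted source is the strongest signal.
COMMAND_ENDPOINTS = ("/mgmt/tm/util/bash",)

# Apache common log format, which is assumed for the access log here.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def classify(line: str) -> Optional[dict]:
    """Return a finding for an iControl REST request worth attention, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"]
    if not path.startswith("/mgmt/"):
        return None  # not an iControl REST call; data-plane traffic is out of scope
    src = ipaddress.ip_address(m["src"])
    trusted = any(src in net for net in TRUSTED_NETWORKS)
    if path.startswith(COMMAND_ENDPOINTS):
        severity = "review" if trusted else "high"
    elif not trusted:
        severity = "medium"  # any API call from outside the allowlist
    else:
        return None
    return {
        "src": str(src),
        "method": m["method"],
        "path": path,
        "status": m["status"],
        "trusted_source": trusted,
        "severity": severity,
    }


def scan(lines) -> list:
    """Run classify() over an iterable of log lines and collect the findings."""
    return [hit for hit in (classify(line) for line in lines) if hit]


# Constructed sample lines: one expected API call from the management
# network, two probes from an untrusted address (the second reaching the
# shell endpoint), a data-plane request, and a trusted shell call.
SAMPLE_LOG = """\
10.0.5.20 - - [10/Mar/2021:14:02:11 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 200 1331
203.0.113.7 - - [10/Mar/2021:14:03:45 +0000] "GET /mgmt/tm/sys/version HTTP/1.1" 401 143
203.0.113.7 - - [10/Mar/2021:14:03:52 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 512
198.51.100.9 - - [10/Mar/2021:14:05:01 +0000] "GET /index.html HTTP/1.1" 200 4096
10.0.5.20 - - [10/Mar/2021:14:06:30 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 488
"""

if __name__ == "__main__":
    for v in ("16.0.1", "16.0.1.1", "14.1.3.1", "11.6.5"):
        print(f"{v}: needs upgrade = {needs_upgrade(v)}")
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

A successful 200 on the shell endpoint from an address outside the allowlist is the case to escalate immediately: the flaw needs no credentials, so the 401 on the earlier probe says nothing about whether the follow-up call succeeded. Calls to the same endpoint from trusted automation are marked for review rather than dropped, since a compromised jump host would appear trusted to this filter.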