Datashield recommends patching any BIG-IP servers due to the recently released series of vulnerabilities, CVE-2021-22986 in particular, a pre-auth RCE in the iControl REST interface. An unauthenticated attacker can compromise the server and obtain access into the network. If your team is unable to patch these servers immediately, we recommend following the mitigation steps outlined in the notice sent out by F5, which is below as well.
BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)
- 16.0.0 - 16.0.1
- 15.1.0 - 15.1.2
- 14.1.0 - 14.1.3
- 13.1.0 - 13.1.3
- 12.1.0 - 12.1.5
BIG-IQ Centralized Management
- 6.0.0 - 6.1.0
Datashield is actively watching the exploit and will be creating alerts to detect exploit attempts. There are no known POC’s or actors utilizing this exploit.
- F5 Overall Advisory: https://support.f5.com/csp/article/K02566623
- CVE-2021-22986 details: https://support.f5.com/csp/article/K03009991
If you have any questions regarding this vulnerability, please contact us.