Security Advisory Vulnerability CVE-2021-22986

Datashield recommends patching any BIG-IP servers in response to the recently released series of vulnerabilities, CVE-2021-22986 in particular, a pre-auth RCE in the iControl REST interface. An unauthenticated attacker can compromise the server and gain access to the network. If your team is unable to patch these servers immediately, we recommend following the mitigation steps outlined in the notice sent out by F5, which is below as well.

Vulnerable Versions

BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)

Vulnerable Versions
  • 16.0.0 - 16.0.1
  • 15.1.0 - 15.1.2
  • 14.1.0 - 14.1.3
  • 13.1.0 - 13.1.3
  • 12.1.0 - 12.1.5

BIG-IQ Centralized Management

Vulnerable Versions
  • 7.1.0
  • 7.0.0
  • 6.0.0 - 6.1.0
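
To turn the version lists above into a patch queue, the following added example (not part of the original advisory or any Datashield or F5 tooling) checks a device inventory against those ranges. The inventory layout, hostnames, and function names are assumptions made for illustration.

```python
import csv
import io

# Ranges copied from the advisory above, in its own "low - high" notation.
VULNERABLE = {
    "BIG-IP": ["16.0.0 - 16.0.1", "15.1.0 - 15.1.2", "14.1.0 - 14.1.3",
               "13.1.0 - 13.1.3", "12.1.0 - 12.1.5"],
    "BIG-IQ": ["7.1.0", "7.0.0", "6.0.0 - 6.1.0"],
}

# Constructed sample inventory (hypothetical hostnames and column names).
SAMPLE_INVENTORY = """hostname,product,version
lb-edge-01,BIG-IP,15.1.2
lb-edge-02,BIG-IP,16.1.0
lb-dmz-01,BIG-IP,13.1.3.4
biq-mgmt-01,BIG-IQ,7.1.0
biq-mgmt-02,BIG-IQ,8.0.0
lb-lab-01,BIG-IP,unknown
"""

def parse_version(text):
    """'13.1.3.4' -> (13, 1, 3). The advisory lists three components, so a
    fourth (point release) is ignored and such hosts are still flagged."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts[:3])

def in_listed_range(product, version):
    """True if version falls inside any range the advisory lists for product."""
    v = parse_version(version)
    for entry in VULNERABLE[product]:
        low, _, high = entry.partition(" - ")
        if parse_version(low) <= v <= parse_version(high or low):
            return True
    return False

def triage(inventory_csv):
    """Return (to_patch, to_review): hosts in a listed range, and hosts whose
    product or version could not be evaluated and need a manual check."""
    to_patch, to_review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if in_listed_range(row["product"], row["version"] or ""):
                to_patch.append(row["hostname"])
        except (KeyError, ValueError):
            to_review.append(row["hostname"])
    return to_patch, to_review

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Because the ranges above stop at three version components, a flagged host running a later point release should be confirmed against the F5 notice before it is scheduled for patching.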

Datashield is actively watching the exploit and will be creating alerts to detect exploit attempts. There are no known PoCs or actors utilizing this exploit.

If you have any questions regarding this vulnerability, please contact us.

Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.
