CVE-2021-22986

CVE Database · CVE-2021-22986

CVE-2021-22986

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.90%

Published

Mar 31, 2021

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2021-11-17

Apply updates per vendor instructions.

Public PoC / Exploit (11)

All weaponized →

Exploit-DBF5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCAl1ex/CVE-2021-22986★91 GitHub PoCdorkerdevil/CVE-2021-22986-Poc★51 GitHub PoCS1xHcL/f5_rce_poc★27 GitHub PoCTas9er/CVE-2021-22986★14 GitHub PoCwest9b/F5-BIG-IP-POC★10 GitHub PoCyaunsky/CVE-202122986-EXP★8 GitHub PoCsafesword/F5_RCE★4 GitHub PoCZephrFish/CVE-2021-22986_Check★3

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-918CWE-918

Affected Products (73)

f5 · big-ip_access_policy_manager (up to 12.1.5.3)vulnerable

f5 · big-ip_access_policy_manager (up to 13.1.3.6)vulnerable

f5 · big-ip_access_policy_manager (up to 14.1.4)vulnerable

f5 · big-ip_access_policy_manager (up to 15.1.2.1)vulnerable

f5 · big-ip_access_policy_manager (up to 16.0.1.1)vulnerable

f5 · big-ip_advanced_firewall_manager (up to 12.1.5.3)vulnerable

f5 · big-ip_advanced_firewall_manager (up to 13.1.3.6)vulnerable

f5 · big-ip_advanced_firewall_manager (up to 14.1.4)vulnerable

References (7)

http://packetstormsecurity.com/files/162059/F5-iControl-Server-Side-Request-Forgery-Remote-Command-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/162066/F5-BIG-IP-16.0.x-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://support.f5.com/csp/article/K03009991

Vendor Advisory

http://packetstormsecurity.com/files/162059/F5-iControl-Server-Side-Request-Forgery-Remote-Command-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/162066/F5-BIG-IP-16.0.x-Remote-Code-Execution.html

KEV Catalog EPSS Scores Vendors All CVEs

f5 · big-ip_advanced_firewall_manager (up to 15.1.2.1)

f5 · big-ip_advanced_firewall_manager (up to 16.0.1.1)vulnerable

f5 · big-ip_advanced_web_application_firewall (up to 12.1.5.3)vulnerable

f5 · big-ip_advanced_web_application_firewall (up to 13.1.3.6)vulnerable

f5 · big-ip_advanced_web_application_firewall (up to 14.1.4)vulnerable

f5 · big-ip_advanced_web_application_firewall (up to 15.1.2.1)vulnerable

f5 · big-ip_advanced_web_application_firewall (up to 16.0.1.1)vulnerable

f5 · big-ip_analytics (up to 12.1.5.3)vulnerable

f5 · big-ip_analytics (up to 13.1.3.6)vulnerable

f5 · big-ip_analytics (up to 14.1.4)vulnerable

f5 · big-ip_analytics (up to 15.1.2.1)vulnerable

f5 · big-ip_analytics (up to 16.0.1.1)vulnerable

f5 · big-ip_application_acceleration_manager (up to 12.1.5.3)vulnerable

f5 · big-ip_application_acceleration_manager (up to 13.1.3.6)vulnerable

f5 · big-ip_application_acceleration_manager (up to 14.1.4)vulnerable

f5 · big-ip_application_acceleration_manager (up to 15.1.2.1)vulnerable

f5 · big-ip_application_acceleration_manager (up to 16.0.1.1)vulnerable

f5 · big-ip_application_security_manager (up to 12.1.5.3)vulnerable

f5 · big-ip_application_security_manager (up to 13.1.3.6)vulnerable

f5 · big-ip_application_security_manager (up to 14.1.4)vulnerable

f5 · big-ip_application_security_manager (up to 15.1.2.1)vulnerable

f5 · big-ip_application_security_manager (up to 16.0.1.1)vulnerable

f5 · big-ip_ddos_hybrid_defender (up to 12.1.5.3)vulnerable

f5 · big-ip_ddos_hybrid_defender (up to 13.1.3.6)vulnerable

f5 · big-ip_ddos_hybrid_defender (up to 14.1.4)vulnerable

f5 · big-ip_ddos_hybrid_defender (up to 15.1.2.1)vulnerable

f5 · big-ip_ddos_hybrid_defender (up to 16.0.1.1)vulnerable

f5 · big-ip_domain_name_system (up to 12.1.5.3)vulnerable

f5 · big-ip_domain_name_system (up to 13.1.3.6)vulnerable

f5 · big-ip_domain_name_system (up to 14.1.4)vulnerable

f5 · big-ip_domain_name_system (up to 15.1.2.1)vulnerable

f5 · big-ip_domain_name_system (up to 16.0.1.1)vulnerable

f5 · big-ip_fraud_protection_service (up to 12.1.5.3)vulnerable

f5 · big-ip_fraud_protection_service (up to 13.1.3.6)vulnerable

f5 · big-ip_fraud_protection_service (up to 14.1.4)vulnerable

f5 · big-ip_fraud_protection_service (up to 15.1.2.1)vulnerable

f5 · big-ip_fraud_protection_service (up to 16.0.1.1)vulnerable

f5 · big-ip_global_traffic_manager (up to 12.1.5.3)vulnerable

f5 · big-ip_global_traffic_manager (up to 13.1.3.6)vulnerable

f5 · big-ip_global_traffic_manager (up to 14.1.4)vulnerable

f5 · big-ip_global_traffic_manager (up to 15.1.2.1)vulnerable

f5 · big-ip_global_traffic_manager (up to 16.0.1.1)vulnerable

ExploitThird Party AdvisoryVDB Entry