What is CVE-2021-22986?

CVE-2021-22986 is a vulnerability in Big-ip; Big-iq. Published 2021-03-31.

Is CVE-2021-22986 known to be exploited?

Yes. CVE-2021-22986 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 126 public proof-of-concept repositories are indexed.

Vulnerability in Big-ip; Big-iq

CVE-2021-22986

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an un…

EPSS: 0.945 (100.0th percentile) — read the EPSS interpretation.

Affected products

N/a Big-ip; Big-iq — versions BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, BIG-IQ 7.1.0.x before 7.1.0.3, 7.0.0.x before 7.0.0.2

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2021-11-03. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2021-11-17.

Required action: Apply updates per vendor instructions.

Known ransomware campaign use: yes.

Public proof-of-concept exploits

References

support.f5.com/csp/article/K03009991 (x_refsource_MISC)
packetstormsecurity.com/files/162059/F5-iControl-Server-Side-Request-Forgery-Re… (x_refsource_MISC)
packetstormsecurity.com/files/162066/F5-BIG-IP-16.0.x-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-22986?: CVE-2021-22986 is a vulnerability in Big-ip; Big-iq. Published 2021-03-31.
Is CVE-2021-22986 known to be exploited?: Yes. CVE-2021-22986 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 126 public proof-of-concept repositories are indexed.