Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vulnerability is well known, and public exploit code is available. Management ports on BIG-IP devices are not typically exposed to the internet, requiring an attacker to access unpatched internal BIG-IP devices. A successful exploit can enable an attacker to gain control of a device by running arbitrary commands.
Kill Chain
Risk Score
83
The iControl REST API helps administrators manage an F5 BIG-IP server. An unauthenticated attacker with network access to an iControl management interface can bypass authentication to access BIG-IP systems by manipulating HTTP request headers. The attacker sends an HTTP POST request with an arbitrary, malicious command to a restricted management REST API endpoint (such as mgmt/tm/util/bash). The victim responds with a confirmation that the command was processed.
Upgrade to BIG-IP versions 13.1.5, 14.1.4.6, 15.1.5.1, 16.1.2.2, or 17.0.0
If unable to upgrade, refer to KB23605346 for instructions about blocking iControl REST access through the self IP address, blocking iControl REST access through the management interface, and modifying the BIG-IP httpd configuration.
