On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 29 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-07-30T01:38:15.000Z

Reserved: 2021-01-06T00:00:00.000Z

Link: CVE-2021-22986

cve-icon Vulnrichment

Updated: 2024-08-03T18:58:26.247Z

cve-icon NVD

Status : Analyzed

Published: 2021-03-31T15:15:15.153

Modified: 2025-04-02T19:09:11.370

Link: CVE-2021-22986

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.