CVE-2021-22986

This exploit targets CVE-2021-22986, an unauthenticated RCE vulnerability in F5 BIG-IP and BIG-IQ devices. It leverages the iControl REST API to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint, either by extracting an authentication token or using a hardcoded basic auth header.

This repository contains a functional exploit for CVE-2021-22986, an unauthenticated remote command execution vulnerability in F5 BIG-IP and BIG-IQ devices. The exploit leverages the iControl REST interface to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

The repository contains functional exploit code for CVE-2021-22986, demonstrating unauthenticated remote command execution (RCE) in BIG-IP iControl REST. The PoC includes curl commands to trigger command injection via the `filePath` parameter and direct bash command execution.

This repository contains a functional Python exploit for CVE-2021-22986, targeting F5 BIG-IP devices. The exploit leverages an authentication bypass and command injection vulnerability in the `/mgmt/tm/util/bash` endpoint to achieve remote code execution (RCE).

The repository claims to exploit CVE-2021-22986 (F5 BIG-IP RCE) but provides no actual exploit code, only a README with vague instructions and a warning. It lacks technical details and directs users to an external JAR file, which is a red flag for potential malware or a fake exploit.

This repository contains a Go-based PoC for multiple F5 BIG-IP vulnerabilities, including CVE-2022-1388, which allows authentication bypass and remote command execution. The code sends crafted HTTP requests to exploit the vulnerabilities and checks for successful execution.

This repository contains a functional exploit for CVE-2021-22986, a remote command execution vulnerability in F5 BIG-IP. The exploit sends a crafted POST request to the `/mgmt/tm/util/bash` endpoint with a base64-encoded command, allowing arbitrary command execution on vulnerable systems.

This repository contains a functional Python exploit for CVE-2021-22986, an RCE vulnerability in F5 BIG-IP. The script sends a crafted POST request to the `/mgmt/tm/util/bash` endpoint with a command payload, leveraging improper authentication handling.

The repository contains a Python script that checks for the presence of CVE-2021-22986, a remote command execution vulnerability in F5 BIG-IP devices. The script sends a crafted HTTP POST request to the `/mgmt/tm/util/bash` endpoint and checks the response to determine if the target is vulnerable.

The repository claims to be a 'Canonical Extension of CVE-2021-22986' but contains no actual exploit code or technical details about the vulnerability. Instead, it focuses on a theoretical control validation system with no functional PoC or vulnerability analysis.

This repository is a structured research platform for CVE-2021-22986, focusing on governance and lifecycle management rather than providing a functional exploit. It includes protobuf definitions, CI/CD workflows, and documentation but lacks actual exploit code.

This repository provides a structured research platform for CVE-2021-22986, focusing on governance and ASVS compliance rather than offensive exploitation. It models the vulnerability as a data flow problem, using gRPC services to ingest, trace, and verify controls without executing live exploits.

This Python script exploits CVE-2021-22986, an authentication bypass vulnerability in F5 BIG-IP, by sending crafted requests to obtain an authentication token and then executing arbitrary commands via the management interface.

This repository contains a functional exploit for CVE-2021-22986, an unauthenticated remote command execution vulnerability in F5 BIG-IP and BIG-IQ devices. The exploit leverages the iControl REST interface to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

This Python script exploits CVE-2021-22986, an RCE vulnerability in F5 BIG-IP, by sending a crafted POST request to the `/mgmt/tm/util/bash` endpoint with a command payload. It reads target URLs from a file and checks for successful exploitation by verifying the response status code.

The repository lacks actual exploit code and only provides vague instructions for scanning IPs, directing users to external tools like Shodan or ZoomEye. No technical details about CVE-2021-22986 are provided.

This repository contains a functional exploit for CVE-2021-22986, a vulnerability in F5 BIG-IP that allows unauthenticated remote command execution. The exploit leverages token leakage and command injection via the `/mgmt/tm/util/bash` endpoint.

This repository contains a functional exploit for CVE-2021-22986, which targets F5 BIG-IP/BIG-IQ iControl Rest API. The exploit leverages SSRF to achieve RCE by leaking an authentication token and then executing arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

The repository contains only a minimal README with no exploit code or technical details. It appears to be a placeholder or stub for a scanner related to CVE-2021-22986.

This repository contains functional exploit code for multiple CVEs, including CVE-2021-22986 (F5 BIG-IP iControl REST unauthenticated RCE), CVE-2021-21307 (Lucee Admin unauthenticated RCE), and others. The exploits are well-documented with clear steps and include payload generation and execution scripts.

This Metasploit module exploits CVE-2021-22986, an unauthenticated SSRF in F5 iControl REST API to generate an X-F5-Auth-Token, enabling root command execution on affected BIG-IP or BIG-IQ devices.