ET EXPLOIT F5 BIG-IP iControl REST Unauthenticated RCE Inbound (CVE-2021-22986)
Sourceet/open
CreatedMarch 17, 2021
UpdatedMarch 17, 2021
Classificationattempted-admin
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT F5 BIG-IP iControl REST Unauthenticated RCE Inbound (CVE-2021-22986)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/mgmt/"; http.request_body; content:"|22|filepath|22 3a 22 60|"; fast_pattern; reference:cve,2021-22986; classtype:attempted-admin; sid:2032092; rev:1; metadata:attack_target Server, created_at 2021_03_17, cve CVE_2021_22986, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_03_17;)
References
| cve | 2021-22986 |
Metadata
attack targetServer
created at2021_03_17
deploymentSSLDecrypt
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2021_03_17
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!