F5 BIG-IP iControl Remote Code Execution

Discussion in 'News Aggregator' started by Packet Storm, 13 May 2022.

  1. Packet Storm

    Packet Storm Guest

    This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.

    Continue reading...
     

Share This Page

Loading...