In a recent report, NCC Group elaborates on the discovery of active exploitation of CVE-2021-22986. This vulnerability allows unauthenticated remote code execution on F5 BIG-IP devices through the BIG-IQ iControl REST API. F5 has since patched the vulnerability, but 6,791 potentially vulnerable devices are online at the time of writing. One proof-of-concept (PoC) exploit is available on GitHub, but more will likely be published soon.

By Anthony Zampino

Introduction

Leading up to the most recent Russian invasion of Ukraine in