CISA Known Exploited Vulnerability

CVE-2021-22986 Ransomware

F5 · BIG-IP and BIG-IQ Centralized Management

F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability

Date added 2021-11-03

BOD 22-01 due date 2021-11-17

CWE CWE-863

Ransomware Known

CISA description

F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2021-22986

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2021-22986
CVE.org · CVE-2021-22986
CISA KEV catalog (canonical)