BIG-IP: On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and…
Summary
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CISA Known Exploited Vulnerability
- Listed:
- Nov 3, 2021 · federal remediation due Nov 17, 2021
- Required action:
- Apply updates per vendor instructions.
- Ransomware use:
- Known
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- 16.0.x
- 15.1.x
- 14.1.x
- 13.1.x
- 12.1.x
- 7.1.0.x
- 7.0.0.x
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
- 16.0.1.1
- 15.1.2.1
- 14.1.4
- 13.1.3.6
- 12.1.5.3
- 7.1.0.3
- 7.0.0.2
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.