F5 iControl iCall::Script Root Command Execution

Posted by deepcore on November 19, 2015 – 4:37 pm

This Metasploit module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). This requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 – 11.6.0, (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF6, see references for more details).

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [dos] – Sam Spade 1.14 – Decode URL Buffer Overflow Crash PoC [webapps] – ZTE ZXHN H108N R1A, ZXV10 W300 Routers – Multiple Vulnerabilities »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

F5 iControl iCall::Script Root Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL