
    F5 iControl iCall::Script Root Command Execution

    This module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). Exploitation requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 - 11.6.0 (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF6; see references for more details).

    Module Name

    exploit/linux/http/f5_icall_cmd

    Authors

    • tom
    • Jon Hart <jon_hart [at] rapid7.com>

    References

    Targets

    • F5 BIG-IP LTM 11.x

    Platforms

    • unix

    Architectures

    • cmd

    Reliability

    Development

    Module Options

    To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/linux/http/f5_icall_cmd
    msf exploit(f5_icall_cmd) > show targets
        ...targets...
    msf exploit(f5_icall_cmd) > set TARGET <target-id>
    msf exploit(f5_icall_cmd) > show options
        ...show and set options...
    msf exploit(f5_icall_cmd) > exploit