F5 iControl iCall::Script Root Command Execution

This module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). It requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 - 11.6.0 (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF6; see references for more details).

Module Name

exploit/linux/http/f5_icall_cmd

Authors

  • tom
  • Jon Hart <jon_hart [at] rapid7.com>

References

Targets

  • F5 BIG-IP LTM 11.x

Platforms

  • unix

Architectures

  • cmd

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/linux/http/f5_icall_cmd
    msf exploit(f5_icall_cmd) > show targets
        ...targets...
    msf exploit(f5_icall_cmd) > set TARGET <target-id>
    msf exploit(f5_icall_cmd) > show options
        ...show and set options...
    msf exploit(f5_icall_cmd) > exploit