Full title: F5 iControl Server-Side Request Forgery / Remote Command Execution Exploit 
Category: web applications
Platform: hardware
This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.

# 0day.today @ http://0day.today/