F5 BIG-IP version 16.0.x suffers from an iControl REST remote code execution vulnerability.
f45499daffe84f508ed80070af63ea45
This Metasploit module exploits a pre-authentication server-side request forgery vulnerability in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device.
babad085c5ec0276c04a4de6f8676674