CVE-2022-1388.md

CVE-2022-1388

Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

POC

Reference

• http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html

Github

• https://github.com/0day404/vulnerability-poc
• https://github.com/0x783kb/Security-operation-book
• https://github.com/0x7eTeam/CVE-2022-1388-PocExp
• https://github.com/0xAgun/CVE-2022-1388
• https://github.com/0xMarcio/cve
• https://github.com/0xf4n9x/CVE-2022-1388
• https://github.com/20142995/Goby
• https://github.com/20142995/nuclei-templates
• https://github.com/20142995/pocsuite3
• https://github.com/34zY/APT-Backpack
• https://github.com/404tk/lazyscan
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/Al1ex/CVE-2022-1388
• https://github.com/AmirHoseinTangsiriNET/CVE-2022-1388-Scanner
• https://github.com/Angus-Team/F5-BIG-IP-RCE-CVE-2022-1388
• https://github.com/ArrestX/--POC
• https://github.com/Awrrays/FrameVul
• https://github.com/BishopFox/bigip-scanner
• https://github.com/BushidoUK/BushidoUK
• https://github.com/CLincat/vulcat
• https://github.com/CVEDB/PoC-List
• https://github.com/CVEDB/Poc-Git
• https://github.com/CVEDB/awesome-cve-repo
• https://github.com/CVEDB/cve
• https://github.com/CVEDB/top
• https://github.com/Chocapikk/CVE-2022-1388
• https://github.com/DR0p1ET404/ABNR
• https://github.com/EvilLizard666/CVE-2022-1388
• https://github.com/ExploitPwner/CVE-2022-1388
• https://github.com/ExploitPwner/CVE-2022-1388-BIG-IP-Mass-Exploit
• https://github.com/F5Networks/f5-aws-cloudformation
• https://github.com/F5Networks/f5-aws-cloudformation-v2
• https://github.com/F5Networks/f5-azure-arm-templates
• https://github.com/F5Networks/f5-azure-arm-templates-v2
• https://github.com/F5Networks/f5-google-gdm-templates-v2
• https://github.com/GhostTroops/TOP
• https://github.com/GoVanguard/Gotham-Security-Aggregate-Repo
• https://github.com/Henry4E36/CVE-2022-1388
• https://github.com/HimmelAward/Goby_POC
• https://github.com/Holyshitbruh/2022-2021-F5-BIG-IP-IQ-RCE
• https://github.com/Holyshitbruh/2022-2021-RCE
• https://github.com/Hudi233/CVE-2022-1388
• https://github.com/JERRY123S/all-poc
• https://github.com/KayCHENvip/vulnerability-poc
• https://github.com/LinJacck/CVE-2022-1388-EXP
• https://github.com/Luchoane/CVE-2022-1388_refresh
• https://github.com/M4fiaB0y/CVE-2022-1388
• https://github.com/Miraitowa70/POC-Notes
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed
• https://github.com/MrCl0wnLab/Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter
• https://github.com/NaInSec/CVE-PoC-in-GitHub
• https://github.com/On-Cyber-War/CVE-2022-1388
• https://github.com/OnCyberWar/CVE-2022-1388
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/Osyanina/westone-CVE-2022-1388-scanner
• https://github.com/PsychoSec2/CVE-2022-1388-POC
• https://github.com/SYRTI/POC_to_review
• https://github.com/SecTheBit/CVE-2022-1388
• https://github.com/SkyBelll/CVE-PoC
• https://github.com/Stonzyy/Exploit-F5-CVE-2022-1388
• https://github.com/Str1am/my-nuclei-templates
• https://github.com/SudeepaShiranthaka/F5-BIG-IP-Remote-Code-Execution-Vulnerability-CVE-2022-1388-A-Case-Study
• https://github.com/SummerSec/SpringExploit
• https://github.com/Threekiii/Awesome-POC
• https://github.com/TomArni680/CVE-2022-1388-POC
• https://github.com/TomArni680/CVE-2022-1388-RCE
• https://github.com/TrojanAZhen/Self_Back
• https://github.com/UNC1739/awesome-vulnerability-research
• https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388
• https://github.com/WhooAmii/POC_to_review
• https://github.com/Wrin9/CVE-2022-1388
• https://github.com/Wrin9/POC
• https://github.com/XmasSnowISBACK/CVE-2022-1388
• https://github.com/Z0fhack/Goby_POC
• https://github.com/Zaid-maker/my-awesome-stars-list
• https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit
• https://github.com/Zeyad-Azima/CVE-2022-1388
• https://github.com/aancw/CVE-2022-1388-rs
• https://github.com/amitlttwo/CVE-2022-1388
• https://github.com/aodsec/CVE-2022-1388-PocExp
• https://github.com/bandit92/CVE2022-1388_TestAPI
• https://github.com/battleofthebots/refresh
• https://github.com/bfengj/CTF
• https://github.com/bhdresh/SnortRules
• https://github.com/blind-intruder/CVE-2022-1388-RCE-checker
• https://github.com/blind-intruder/CVE-2022-1388-RCE-checker-and-POC-Exploit
• https://github.com/blind-intruder/Exploit-CVE
• https://github.com/bytecaps/CVE-2022-1388-EXP
• https://github.com/bytecaps/F5-BIG-IP-RCE-Check
• https://github.com/chesterblue/CVE-2022-1388
• https://github.com/crac-learning/CVE-analysis-reports
• https://github.com/cve-hunter/CVE-2022-1388-mass
• https://github.com/cyberanand1337x/bug-bounty-2022
• https://github.com/d4n-sec/d4n-sec.github.io
• https://github.com/devengpk/CVE-2022-1388
• https://github.com/doocop/CVE-2022-1388-EXP
• https://github.com/dravenww/curated-article
• https://github.com/electr0lulz/Mass-CVE-2022-1388
• https://github.com/electr0lulz/electr0lulz
• https://github.com/fardeen-ahmed/Bug-bounty-Writeups
• https://github.com/fzn0x/awesome-stars
• https://github.com/gabriellaabigail/CVE-2022-1388
• https://github.com/getdrive/F5-BIG-IP-exploit
• https://github.com/getdrive/PoC
• https://github.com/gotr00t0day/CVE-2022-1388
• https://github.com/hackeyes/CVE-2022-1388-POC
• https://github.com/hktalent/TOP
• https://github.com/hktalent/bug-bounty
• https://github.com/horizon3ai/CVE-2022-1388
• https://github.com/hou5/CVE-2022-1388
• https://github.com/iluaster/getdrive_PoC
• https://github.com/iveresk/cve-2022-1388-1veresk
• https://github.com/iveresk/cve-2022-1388-iveresk-command-shell
• https://github.com/j-baines/tippa-my-tongue
• https://github.com/jaeminLeee/cve
• https://github.com/jbharucha05/CVE-2022-1388
• https://github.com/jbmihoub/all-poc
• https://github.com/jheeree/CVE-2022-1388-checker
• https://github.com/jsongmax/F5-BIG-IP-TOOLS
• https://github.com/justakazh/CVE-2022-1388
• https://github.com/k0mi-tg/CVE-POC
• https://github.com/karimhabush/cyberowl
• https://github.com/komodoooo/Some-things
• https://github.com/komodoooo/some-things
• https://github.com/kuznyJan1972/cve-2022-1388-mass
• https://github.com/li8u99/CVE-2022-1388
• https://github.com/lions2012/Penetration_Testing_POC
• https://github.com/lonnyzhang423/github-hot-hub
• https://github.com/luck-ying/Library-POC
• https://github.com/manas3c/CVE-POC
• https://github.com/merlinepedra/RedTeam_toolkit
• https://github.com/merlinepedra25/RedTeam_toolkit
• https://github.com/mr-vill4in/CVE-2022-1388
• https://github.com/nico989/CVE-2022-1388
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/numanturle/CVE-2022-1388
• https://github.com/nvk0x/CVE-2022-1388-exploit
• https://github.com/omnigodz/CVE-2022-1388
• https://github.com/pauloink/CVE-2022-1388
• https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
• https://github.com/psc4re/nuclei-templates
• https://github.com/qusaialhaddad/F5-BigIP-CVE-2022-1388
• https://github.com/revanmalang/CVE-2022-1388
• https://github.com/sashka3076/F5-BIG-IP-exploit
• https://github.com/saucer-man/CVE-2022-1388
• https://github.com/savior-only/CVE-2022-1388
• https://github.com/seciurdt/CVE-2022-1388-mass
• https://github.com/shamo0/CVE-2022-1388
• https://github.com/sherlocksecurity/CVE-2022-1388-Exploit-POC
• https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP_RCE
• https://github.com/signorrayan/RedTeam_toolkit
• https://github.com/superfish9/pt
• https://github.com/superzerosec/CVE-2022-1388
• https://github.com/superzerosec/poc-exploit-index
• https://github.com/thatonesecguy/CVE-2022-1388-Exploit
• https://github.com/ting0602/NYCU_NetSec_Project
• https://github.com/trhacknon/CVE-2022-1388
• https://github.com/trhacknon/CVE-2022-1388-PocExp
• https://github.com/trhacknon/CVE-2022-1388-RCE-checker
• https://github.com/trhacknon/Exploit-F5-CVE-2022-1388
• https://github.com/trhacknon/F5-CVE-2022-1388-Exploit
• https://github.com/trhacknon/Pocingit
• https://github.com/trickest/cve
• https://github.com/v4sh25/CVE_2022_1388
• https://github.com/vaelwolf/CVE-2022-1388
• https://github.com/vesperp/CVE-2022-1388-F5-BIG-IP
• https://github.com/vesperp/CVE-2022-1388-F5-BIG-IP-
• https://github.com/w3security/PoCVE
• https://github.com/warriordog/little-log-scan
• https://github.com/weeka10/-hktalent-TOP
• https://github.com/west9b/F5-BIG-IP-POC
• https://github.com/whoforget/CVE-POC
• https://github.com/xanszZZ/pocsuite3-poc
• https://github.com/xt3heho29/20220718
• https://github.com/xuetusummer/Penetration_Testing_POC
• https://github.com/youwizard/CVE-POC
• https://github.com/yukar1z0e/CVE-2022-1388
• https://github.com/zecool/cve