EXPLOITDB-EDB-50932

EXPLOITDB python WORKING POC
Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass
AI Analysis

This exploit targets CVE-2022-1388 in F5 BIG-IP 16.0.x by sending a crafted POST request to the management interface's bash endpoint, executing a reverse shell payload via the 'utilCmdArgs' parameter. It leverages basic authentication and a malformed X-F5-Auth-Token header to bypass authentication.

Attack Type
RCE
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter
Loading exploit code...
Download ZIP Password: eip
Source
Platform Exploitdb
Type remote
Platform multiple
Language python
Files 1
Authors
Yesith Alvarez
Vulnerability
CVE-2022-1388
F5 BIG-IP iControl RCE via REST Authentication Bypass
CRITICAL KEV
CVSS 9.8