NOMISEC-sherlocksecurity/CVE-2022-1388-Exploit-POC

NOMISEC WORKING POC
Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass
AI Analysis

This PoC demonstrates an authenticated remote command execution (RCE) vulnerability in F5 BIG-IP via an exposed management interface. The exploit sends a crafted POST request to `/mgmt/tm/util/bash` with a base64-encoded admin credential to execute arbitrary commands (e.g., `id`).

Attack Type
RCE
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type poc
Files 2
Stars 58
Forks 15
Last Push May 15, 2022
Authors
sherlocksecurity
Vulnerability
CVE-2022-1388
F5 BIG-IP iControl RCE via REST Authentication Bypass
CRITICAL KEV
CVSS 9.8