NOMISEC-Stonzyy/Exploit-F5-CVE-2022-1388

NOMISEC WORKING POC

Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass

AI Analysis

This repository contains a PoC exploit for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP. The scripts demonstrate command injection via the management interface, allowing remote code execution (RCE) by sending a crafted HTTP request to the `/mgmt/tm/util/bash` endpoint.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type remote

Files 3

https://github.com/Stonzyy/Exploit-F5-CVE-2022-1388

Stars 5

Forks 3

Last Push May 10, 2022

Authors

Stonzyy

Vulnerability

CVE-2022-1388

F5 BIG-IP iControl RCE via REST Authentication Bypass

CRITICAL KEV

CVSS 9.8