NOMISEC-qusaialhaddad/F5-BigIP-CVE-2022-1388

NOMISEC WORKING POC
Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass
AI Analysis

This is a functional Python exploit for CVE-2022-1388, an unauthenticated RCE vulnerability in F5 BIG-IP. It leverages improper authentication in the iControl REST interface to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint.

Attack Type
RCE
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type remote
Files 2
Stars 8
Forks 1
Last Push May 10, 2022
Authors
qusaialhaddad Qusai Alhaddad (SecurityKiller)
Vulnerability
CVE-2022-1388
F5 BIG-IP iControl RCE via REST Authentication Bypass
CRITICAL KEV
CVSS 9.8