NOMISEC-vesperp/CVE-2022-1388-F5-BIG-IP

NOMISEC WORKING POC

Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass

AI Analysis

This PoC exploits CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP, by sending a crafted POST request to execute arbitrary commands via the management interface. The script reads target URLs from a file and checks for vulnerability by running the 'id' command.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 2

https://github.com/vesperp/CVE-2022-1388-F5-BIG-IP

Stars 1

Forks 1

Last Push May 18, 2022

Authors

vesperp

Vulnerability

CVE-2022-1388

F5 BIG-IP iControl RCE via REST Authentication Bypass

CRITICAL KEV

CVSS 9.8