NOMISEC-sashka3076/F5-BIG-IP-exploit

NOMISEC WORKING POC

Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass

AI Analysis

This is a functional exploit for CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST interface leading to remote code execution. The PoC sends crafted JSON payloads to the `/mgmt/tm/util/bash` endpoint with manipulated headers to bypass authentication and execute arbitrary commands.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 2

https://github.com/sashka3076/F5-BIG-IP-exploit

Stars 0

Forks 0

Last Push May 17, 2022

Authors

sashka3076 _0xf4n9x_

Vulnerability

CVE-2022-1388

F5 BIG-IP iControl RCE via REST Authentication Bypass

CRITICAL KEV

CVSS 9.8