NOMISEC-vaelwolf/CVE-2022-1388

NOMISEC WORKING POC
Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass
AI Analysis

This is a functional exploit for CVE-2022-1388, targeting F5 BIG-IP iControl REST. It allows unauthenticated remote command execution via the /mgmt/tm/util/bash endpoint. The PoC includes options for single command execution, reverse shell, and traffic capture via tcpdump.

Attack Type
RCE
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type remote
Files 2
Stars 7
Forks 1
Last Push Dec 25, 2022
Authors
vaelwolf Jonathan (vaelwolf)
Vulnerability
CVE-2022-1388
F5 BIG-IP iControl RCE via REST Authentication Bypass
CRITICAL KEV
CVSS 9.8