NOMISEC-nvk0x/CVE-2022-1388-exploit

NOMISEC WORKING POC
Exploit for CVE-2022-1388 - F5 BIG-IP iControl RCE via REST Authentication Bypass
AI Analysis

This exploit targets CVE-2022-1388, an authentication bypass vulnerability in F5 BIG-IP iControl REST. It sends a crafted POST request to execute arbitrary commands via the `/mgmt/tm/util/bash` endpoint by manipulating headers and JSON payload.

Attack Type
RCE
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type remote
Files 2
Stars 3
Forks 0
Last Push Jan 03, 2024
Authors
nvk0x
Vulnerability
CVE-2022-1388
F5 BIG-IP iControl RCE via REST Authentication Bypass
CRITICAL KEV
CVSS 9.8