IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2022-1388

Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

POC

Reference

- http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html

- https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0x783kb/Security-operation-book

- https://github.com/0x7eTeam/CVE-2022-1388-PocExp

- https://github.com/0xAgun/CVE-2022-1388

- https://github.com/0xMarcio/cve

- https://github.com/0xf4n9x/CVE-2022-1388

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/34zY/APT-Backpack

- https://github.com/404tk/lazyscan

- https://github.com/8lu3sh311/CVE-PoC

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Al1ex/CVE-2022-1388

- https://github.com/AmirHoseinTangsiriNET/CVE-2022-1388-Scanner

- https://github.com/Angus-Team/F5-BIG-IP-RCE-CVE-2022-1388

- https://github.com/Ankitkushwaha90/CyberMind_LLM

- https://github.com/ArrestX/--POC

- https://github.com/Awrrays/FrameVul

- https://github.com/BishopFox/bigip-scanner

- https://github.com/BushidoUK/BushidoUK

- https://github.com/CLincat/vulcat

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/Poc-Git

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/cve

- https://github.com/CVEDB/top

- https://github.com/Chocapikk/CVE-2022-1388

- https://github.com/DR0p1ET404/ABNR

- https://github.com/EvilLizard666/CVE-2022-1388

- https://github.com/ExploitPwner/CVE-2022-1388

- https://github.com/ExploitPwner/CVE-2022-1388-BIG-IP-Mass-Exploit

- https://github.com/F5Networks/f5-aws-cloudformation

- https://github.com/F5Networks/f5-aws-cloudformation-v2

- https://github.com/F5Networks/f5-azure-arm-templates

- https://github.com/F5Networks/f5-azure-arm-templates-v2

- https://github.com/F5Networks/f5-google-gdm-templates-v2

- https://github.com/GhostTroops/TOP

- https://github.com/GoVanguard/Gotham-Security-Aggregate-Repo

- https://github.com/Henry4E36/CVE-2022-1388

- https://github.com/HimmelAward/Goby_POC

- https://github.com/Holyshitbruh/2022-2021-F5-BIG-IP-IQ-RCE

- https://github.com/Holyshitbruh/2022-2021-RCE

- https://github.com/Hudi233/CVE-2022-1388

- https://github.com/JERRY123S/all-poc

- https://github.com/KNIGHTPROJEKS-0/LANCELOTT

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/LinJacck/CVE-2022-1388-EXP

- https://github.com/Luchoane/CVE-2022-1388_refresh

- https://github.com/M4fiaB0y/CVE-2022-1388

- https://github.com/Mattb709/HELLCAT-Practical-Initial-Access-Guide-for-Red-Teams

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed

- https://github.com/MrCl0wnLab/Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/On-Cyber-War/CVE-2022-1388

- https://github.com/OnCyberWar/CVE-2022-1388

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Osyanina/westone-CVE-2022-1388-scanner

- https://github.com/PsychoSec2/CVE-2022-1388-POC

- https://github.com/ReAbout/audit-java

- https://github.com/SYRTI/POC_to_review

- https://github.com/Saatann/cybersec-task3

- https://github.com/SecTheBit/CVE-2022-1388

- https://github.com/SkyBelll/CVE-PoC

- https://github.com/Stonzyy/Exploit-F5-CVE-2022-1388

- https://github.com/Str1am/my-nuclei-templates

- https://github.com/SudeepaShiranthaka/F5-BIG-IP-Remote-Code-Execution-Vulnerability-CVE-2022-1388-A-Case-Study

- https://github.com/SummerSec/SpringExploit

- https://github.com/ThinkingOffensively/CVE-2022-1388

- https://github.com/Threekiii/Awesome-POC

- https://github.com/TomArni680/CVE-2022-1388-POC

- https://github.com/TomArni680/CVE-2022-1388-RCE

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/UNC1739/awesome-vulnerability-research

- https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388

- https://github.com/WhooAmii/POC_to_review

- https://github.com/Wrin9/CVE-2022-1388

- https://github.com/Wrin9/POC

- https://github.com/XiaomingX/awesome-cve-exp-poc

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/XiaomingX/cve-2022-1388-poc

- https://github.com/XmasSnowISBACK/CVE-2022-1388

- https://github.com/Z0fhack/Goby_POC

- https://github.com/Zaid-maker/my-awesome-stars-list

- https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit

- https://github.com/Zeyad-Azima/CVE-2022-1388

- https://github.com/aancw/CVE-2022-1388-rs

- https://github.com/abdullah89255/ShodanX-

- https://github.com/adnan-kutay-yuksel/letsdefend-all-courses-database

- https://github.com/adnan-kutay-yuksel/letsdefend-all-rooms-database

- https://github.com/amitlttwo/CVE-2022-1388

- https://github.com/aodsec/CVE-2022-1388-PocExp

- https://github.com/badigervijay/AI-Based-Threat-Intelligence-Platform

- https://github.com/bandit92/CVE2022-1388_TestAPI

- https://github.com/battleofthebots/refresh

- https://github.com/berlin-devops/All-CVE

- https://github.com/bfengj/CTF

- https://github.com/bhdresh/SnortRules

- https://github.com/blind-intruder/CVE-2022-1388-RCE-checker

- https://github.com/blind-intruder/CVE-2022-1388-RCE-checker-and-POC-Exploit

- https://github.com/blind-intruder/Exploit-CVE

- https://github.com/bytecaps/CVE-2022-1388-EXP

- https://github.com/bytecaps/F5-BIG-IP-RCE-Check

- https://github.com/cboss43/CVE-2024-25600

- https://github.com/cc8700619/poc

- https://github.com/chesterblue/CVE-2022-1388

- https://github.com/crac-learning/CVE-analysis-reports

- https://github.com/cve-hunter/CVE-2022-1388-mass

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/cyberleelawat/LeelawatX-CVE-Hunter

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/devengpk/CVE-2022-1388

- https://github.com/doocop/CVE-2022-1388-EXP

- https://github.com/dravenww/curated-article

- https://github.com/electr0lulz/Mass-CVE-2022-1388

- https://github.com/electr0lulz/electr0lulz

- https://github.com/fardeen-ahmed/Bug-bounty-Writeups

- https://github.com/forktheplanet/CVE-2022-1388

- https://github.com/fzn0x/awesome-stars

- https://github.com/gabriellaabigail/CVE-2022-1388

- https://github.com/getdrive/F5-BIG-IP-exploit

- https://github.com/getdrive/PoC

- https://github.com/gotr00t0day/CVE-2022-1388

- https://github.com/hackeyes/CVE-2022-1388-POC

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/horizon3ai/CVE-2022-1388

- https://github.com/hou5/CVE-2022-1388

- https://github.com/iluaster/getdrive_PoC

- https://github.com/impost0r/CVE-2022-1388

- https://github.com/insecrez/Bug-bounty-Writeups

- https://github.com/iveresk/cve-2022-1388-1veresk

- https://github.com/iveresk/cve-2022-1388-iveresk-command-shell

- https://github.com/j-baines/tippa-my-tongue

- https://github.com/jaeminLeee/cve

- https://github.com/jbharucha05/CVE-2022-1388

- https://github.com/jbmihoub/all-poc

- https://github.com/jheeree/CVE-2022-1388-checker

- https://github.com/jsongmax/F5-BIG-IP-TOOLS

- https://github.com/justakazh/CVE-2022-1388

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/karimhabush/cyberowl

- https://github.com/komodoooo/Some-things

- https://github.com/komodoooo/some-things

- https://github.com/kuznyJan1972/cve-2022-1388-mass

- https://github.com/li8u99/CVE-2022-1388

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lit1numyt/docker-pentest_victim

- https://github.com/lonnyzhang423/github-hot-hub

- https://github.com/luck-ying/Library-POC

- https://github.com/manas3c/CVE-POC

- https://github.com/mazharkhanpathan61354/cyber-security-internship-task-3

- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra/RedTeam_toolkit

- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra25/RedTeam_toolkit

- https://github.com/mr-vill4in/CVE-2022-1388

- https://github.com/nico989/CVE-2022-1388

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/numanturle/CVE-2022-1388

- https://github.com/nvk0x/CVE-2022-1388-exploit

- https://github.com/omnigodz/CVE-2022-1388

- https://github.com/pauloink/CVE-2022-1388

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/psc4re/nuclei-templates

- https://github.com/qusaialhaddad/F5-BigIP-CVE-2022-1388

- https://github.com/r0otk3r/CVE-2022-1388

- https://github.com/rathor-ak/Task-3-vulnerability-Report-

- https://github.com/revanmalang/CVE-2022-1388

- https://github.com/sashka3076/F5-BIG-IP-exploit

- https://github.com/saucer-man/CVE-2022-1388

- https://github.com/savior-only/CVE-2022-1388

- https://github.com/seciurdt/CVE-2022-1388-mass

- https://github.com/shamo0/CVE-2022-1388

- https://github.com/shengshengli/AttackWebFrameworkTools-5.0

- https://github.com/sherlocksecurity/CVE-2022-1388-Exploit-POC

- https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP_RCE

- https://github.com/signorrayan/RedTeam_toolkit

- https://github.com/superfish9/pt

- https://github.com/superzerosec/CVE-2022-1388

- https://github.com/superzerosec/poc-exploit-index

- https://github.com/thatonesecguy/CVE-2022-1388-Exploit

- https://github.com/ting0602/NYCU_NetSec_Project

- https://github.com/trhacknon/CVE-2022-1388

- https://github.com/trhacknon/CVE-2022-1388-PocExp

- https://github.com/trhacknon/CVE-2022-1388-RCE-checker

- https://github.com/trhacknon/Exploit-F5-CVE-2022-1388

- https://github.com/trhacknon/F5-CVE-2022-1388-Exploit

- https://github.com/trhacknon/Pocingit

- https://github.com/trickest/cve

- https://github.com/v4sh25/CVE_2022_1388

- https://github.com/vaelwolf/CVE-2022-1388

- https://github.com/vesperp/CVE-2022-1388-F5-BIG-IP

- https://github.com/vesperp/CVE-2022-1388-F5-BIG-IP-

- https://github.com/w3security/PoCVE

- https://github.com/warriordog/little-log-scan

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/west9b/F5-BIG-IP-POC

- https://github.com/whoforget/CVE-POC

- https://github.com/xanszZZ/pocsuite3-poc

- https://github.com/xt3heho29/20220718

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/youwizard/CVE-POC

- https://github.com/yukar1z0e/CVE-2022-1388

- https://github.com/zecool/cve