Vulnerability — CVE-2022-1388

CVE-2022-1388

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-1388
Description:: On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Last updated date:: 01/24/2023

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/08/2022
Reference url to background: https://twitter.com/GossiTheDog/status/1523222846474014720?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1523223763747483648%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F131132%2Fhacking%2Fbig-ip-cve-2022-1388-exploitation.html

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/10/2022
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/05/2022
Reference url to background: https://github.com/jheeree/CVE-2022-1388-checker

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/06/2022
Reference url to background: https://github.com/MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/07/2022
Reference url to background: https://github.com/TomArni680/CVE-2022-1388-RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/08/2022
Reference url to background: https://github.com/blind-intruder/CVE-2022-1388-RCE-checker-and-POC-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/09/2022
Reference url to background: https://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/09/2022
Reference url to background: https://github.com/sherlocksecurity/CVE-2022-1388-Exploit-POC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/09/2022
Reference url to background: https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP_RCE

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/09/2022
Reference url to background: https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/09/2022
Reference url to background: https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2022
Reference url to background: https://github.com/Stonzyy/Exploit-F5-CVE-2022-1388

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2022
Reference url to background: https://github.com/MrCl0wnLab/Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2022
Reference url to background: https://github.com/qusaialhaddad/F5-BigIP-CVE-2022-1388

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2022
Reference url to background: https://github.com/thatonesecguy/CVE-2022-1388-Exploit

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/10/2022
Reference url to background: https://github.com/bandit92/CVE2022-1388_TestAPI

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/11/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/f5_icontrol_rce.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/11/2022
Reference url to background: https://github.com/AmirHoseinTangsiriNET/CVE-2022-1388-Scanner

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/15/2022
Reference url to background: https://github.com/PsychoSec2/CVE-2022-1388-POC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/22/2022
Reference url to background: https://github.com/XmasSnowISBACK/CVE-2022-1388

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/24/2022
Reference url to background: https://github.com/electr0lulz/Mass-CVE-2022-1388

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/30/2022
Reference url to background: http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/30/2022
Reference url to background: http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/30/2022
Reference url to background: http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html