# CVE-2022-1388
## Vulnerability Overview
Multiple versions of F5 BIG-IP may allow undisclosed requests to bypass iControl REST authentication.
## Affected Versions
- 16.1.x: versions prior to 16.1.2.2
- 15.1.x: versions prior to 15.1.5.1
- 14.1.x: versions prior to 14.1.4.6
- 13.1.x: versions prior to 13.1.5
- 12.1.x: all versions
- 11.6.x: all versions
## Vulnerability Details
Unauthenticated requests can bypass the iControl REST authentication mechanism.
## Impact
This vulnerability allows an attacker to gain unauthorized access and perform unauthorized operations, which may seriously affect the security and stability of the system.
Web-class vulnerability: Unknown
Rationale:
| # | POC Description | Source Link |
|---|---|---|
| 1 | K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388 | https://github.com/numanturle/CVE-2022-1388 |
| 2 | Simple bash script to check multiple hosts for CVE-2022-1388 (F5) | https://github.com/jheeree/CVE-2022-1388-checker |
| 3 | This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only. | https://github.com/MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed |
| 4 | A vulnerability scanner that detects CVE-2021-21980 vulnerabilities. | https://github.com/Osyanina/westone-CVE-2022-1388-scanner |
| 5 | CVE-2022-1388 F5 BIG-IP RCE batch detection | https://github.com/doocop/CVE-2022-1388-EXP |
| 6 | None | https://github.com/blind-intruder/CVE-2022-1388-RCE-checker-and-POC-Exploit |
| 7 | None | https://github.com/Hudi233/CVE-2022-1388 |
| 8 | PoC for CVE-2022-1388_F5_BIG-IP | https://github.com/sherlocksecurity/CVE-2022-1388-Exploit-POC |
| 9 | batch scan CVE-2022-1388 | https://github.com/yukar1z0e/CVE-2022-1388 |
| 10 | CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE | https://github.com/0xf4n9x/CVE-2022-1388 |
| 11 | F5 BIG-IP RCE exploitation (CVE-2022-1388) | https://github.com/alt3kx/CVE-2022-1388_PoC |
| 12 | CVE-2022-1388 F5 Big IP unauth remote code execution | https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388 |
| 13 | Exploit and Check Script for CVE 2022-1388 | https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit |
| 14 | POC for CVE-2022-1388 | https://github.com/horizon3ai/CVE-2022-1388 |
| 15 | CVE-2022-1388 F5 BIG-IP iControl REST RCE | https://github.com/Al1ex/CVE-2022-1388 |
| 16 | F5 BIG-IP iControl REST authentication bypass vulnerability | https://github.com/Henry4E36/CVE-2022-1388 |
| 17 | CVE-2022-1388 F5 BIG-IP iControl REST authentication bypass vulnerability | https://github.com/savior-only/CVE-2022-1388 |
| 18 | CVE-2022-1388 | https://github.com/saucer-man/CVE-2022-1388 |
| 19 | CVE-2022-1388 POC exploit | https://github.com/superzerosec/CVE-2022-1388 |
| 20 | PoC For F5 BIG-IP - bash script Exploit one Liner | https://github.com/Stonzyy/Exploit-F5-CVE-2022-1388 |
| 21 | CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP's iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP addresses of devices that use BIG-IP. Exploitation would allow the attacker to execute arbitrary system commands, create and delete files and disable services. | https://github.com/MrCl0wnLab/Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter |
| 22 | Reverse Shell for CVE-2022-1388 | https://github.com/qusaialhaddad/F5-BigIP-CVE-2022-1388 |
| 23 | POC of CVE-2022-1388 | https://github.com/chesterblue/CVE-2022-1388 |
| 24 | None | https://github.com/Angus-Team/F5-BIG-IP-RCE-CVE-2022-1388 |
| 25 | CVE-2022-1388-EXP, supports batch exploitation | https://github.com/LinJacck/CVE-2022-1388-EXP |
| 26 | Simple shell script for the exploit | https://github.com/iveresk/cve-2022-1388-1veresk |
| 27 | BIG-IP iControl REST vulnerability CVE-2022-1388 PoC | https://github.com/shamo0/CVE-2022-1388 |
| 28 | None | https://github.com/vesperp/CVE-2022-1388-F5-BIG-IP |
| 29 | Test and Exploit Scripts for CVE 2022-1388 (F5 Big-IP) | https://github.com/thatonesecguy/CVE-2022-1388-Exploit |
| 30 | A Test API for testing the POC against CVE-2022-1388 | https://github.com/bandit92/CVE2022-1388_TestAPI |
| 31 | CVE-2022-1388-PocExp, with added multithreading, F5 BIG-IP RCE exploitation | https://github.com/aodsec/CVE-2022-1388-PocExp |
| 32 | None | https://github.com/0xAgun/CVE-2022-1388 |
| 33 | None | https://github.com/AmirHoseinTangsiriNET/CVE-2022-1388-Scanner |
| 34 | CVE-2022-1388 Scanner | https://github.com/EvilLizard666/CVE-2022-1388 |
| 35 | CVE-2022-1388 | https://github.com/mr-vill4in/CVE-2022-1388 |
| 36 | This repository consists of the python exploit for CVE-2022-1388 (F5's BIG-IP Authentication Bypass to RCE) | https://github.com/omnigodz/CVE-2022-1388 |
| 37 | None | https://github.com/pauloink/CVE-2022-1388 |
| 38 | Nuclei Template for CVE-2022-1388 | https://github.com/SecTheBit/CVE-2022-1388 |
| 39 | F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB | https://github.com/Zeyad-Azima/CVE-2022-1388 |
| 40 | Tool for CVE-2022-1388 | https://github.com/justakazh/CVE-2022-1388 |
| 41 | An Improved Proof of Concept for CVE-2022-1388 w/ an Interactive Shell | https://github.com/PsychoSec2/CVE-2022-1388-POC |
| 42 | Improved POC for CVE-2022-1388 that affects multiple F5 products. | https://github.com/iveresk/cve-2022-1388-iveresk-command-shell |
| 43 | None | https://github.com/Wrin9/CVE-2022-1388 |
| 44 | CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in Rust | https://github.com/aancw/CVE-2022-1388-rs |
| 45 | CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC collection | https://github.com/west9b/F5-BIG-IP-POC |
| 46 | CVE-2022-1388 | https://github.com/sashka3076/F5-BIG-IP-exploit |
| 47 | CVE-2022-1388 \| F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint | https://github.com/li8u99/CVE-2022-1388 |
| 48 | Mass-Exploit-CVE-2022-1388 | https://github.com/electr0lulz/Mass-CVE-2022-1388 |
| 49 | PoC for exploiting CVE-2022-1388 on BIG IP F5 | https://github.com/Luchoane/CVE-2022-1388_refresh |
| 50 | CVE-2022-1388, bypassing iControl REST authentication | https://github.com/jbharucha05/CVE-2022-1388 |
| 51 | cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE | https://github.com/On-Cyber-War/CVE-2022-1388 |
| 52 | cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE | https://github.com/OnCyberWar/CVE-2022-1388 |
| 53 | None | https://github.com/revanmalang/CVE-2022-1388 |
| 54 | None | https://github.com/amitlttwo/CVE-2022-1388 |
| 55 | Scan IP ranges for IP's vulnerable to the F5 Big IP exploit (CVE-2022-1388) | https://github.com/M4fiaB0y/CVE-2022-1388 |
| 56 | None | https://github.com/devengpk/CVE-2022-1388 |
| 57 | -- FOR EDUCATIONAL USE ONLY -- Proof-of-Concept RCE for CVE-2022-1388, plus some added functionality for blue and red teams | https://github.com/vaelwolf/CVE-2022-1388 |
| 58 | F5 BIG-IP Exploit Using CVE-2022-1388 and CVE-2022-41800 | https://github.com/j-baines/tippa-my-tongue |
| 59 | F5-BIG-IP Remote Code Execution Vulnerability CVE-2022-1388: A Case Study | https://github.com/SudeepaShiranthaka/F5-BIG-IP-Remote-Code-Execution-Vulnerability-CVE-2022-1388-A-Case-Study |
| 60 | CVE-2022-1388 - F5 Router RCE Replica | https://github.com/battleofthebots/refresh |
| 61 | CVE-2022-1388-PocExp, with added multithreading, F5 BIG-IP RCE exploitation | https://github.com/0x7eTeam/CVE-2022-1388-PocExp |
| 62 | exploit poc | https://github.com/nvk0x/CVE-2022-1388-exploit |
| 63 | PoC for CVE-2022-1388 affecting F5 BIG-IP. | https://github.com/nico989/CVE-2022-1388 |
| 64 | A remote code execution vulnerability exists in the iControl REST API feature of F5's BIG-IP product. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. | https://github.com/gotr00t0day/CVE-2022-1388 |
| 65 | CVE-2022-1388 \| F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint | https://github.com/Chocapikk/CVE-2022-1388 |
| 66 | cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE | https://github.com/forktheplanet/CVE-2022-1388 |
| 67 | Old weaponized CVE-2022-1388 exploit. | https://github.com/impost0r/CVE-2022-1388 |
| 68 | None | https://github.com/XiaomingX/CVE-2022-1388-poc |
| 69 | None | https://github.com/XiaomingX/cve-2022-1388-poc |
| 70 | F5 BIG-IP iControl REST API discovered and may be vulnerable to an authentication bypass (not tested). | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposed-panels/bigip-rest-panel.yaml |
| 71 | F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-1388.yaml |
| 72 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/F5%20BIG-IP%20iControl%20REST%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2022-1388.md |
| 73 | None | https://github.com/r0otk3r/CVE-2022-1388 |
| 74 | cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE | https://github.com/ThinkingOffensively/CVE-2022-1388 |