CVE-2022-1388: CVE-2022-1388

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-1388

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键功能的认证机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

F5 BIG-IP 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在访问控制错误漏洞，攻击者可以通过未公开的请求利用该漏洞绕过BIG-IP中的iControl REST身份验证来控制受影响的系统。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
F5	BIG-IP	17.0.0 ~ 17.0.x*	-

II. Public POCs for CVE-2022-1388

#	POC Description	Source Link	Shenlong Link
1	K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388	https://github.com/numanturle/CVE-2022-1388	POC Details
2	Simple script realizado en bash, para revisión de múltiples hosts para CVE-2022-1388 (F5)	https://github.com/jheeree/CVE-2022-1388-checker	POC Details
3	This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.	https://github.com/MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed	POC Details
4	A vulnerability scanner that detects CVE-2021-21980 vulnerabilities.	https://github.com/Osyanina/westone-CVE-2022-1388-scanner	POC Details
5	CVE-2022-1388 F5 BIG-IP RCE 批量检测	https://github.com/doocop/CVE-2022-1388-EXP	POC Details
6	None	https://github.com/blind-intruder/CVE-2022-1388-RCE-checker-and-POC-Exploit	POC Details
7	None	https://github.com/Hudi233/CVE-2022-1388	POC Details
8	PoC for CVE-2022-1388_F5_BIG-IP	https://github.com/sherlocksecurity/CVE-2022-1388-Exploit-POC	POC Details
9	batch scan CVE-2022-1388	https://github.com/yukar1z0e/CVE-2022-1388	POC Details
10	CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE	https://github.com/0xf4n9x/CVE-2022-1388	POC Details
11	F5 BIG-IP RCE exploitation (CVE-2022-1388)	https://github.com/alt3kx/CVE-2022-1388_PoC	POC Details
12	CVE-2022-1388 F5 Big IP unauth remote code execution	https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388	POC Details
13	Exploit and Check Script for CVE 2022-1388	https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit	POC Details
14	POC for CVE-2022-1388	https://github.com/horizon3ai/CVE-2022-1388	POC Details
15	CVE-2022-1388 F5 BIG-IP iControl REST RCE	https://github.com/Al1ex/CVE-2022-1388	POC Details
16	F5 BIG-IP iControl REST身份验证绕过漏洞	https://github.com/Henry4E36/CVE-2022-1388	POC Details
17	CVE-2022-1388 F5 BIG-IP iControl REST身份验证绕过漏洞	https://github.com/savior-only/CVE-2022-1388	POC Details
18	CVE-2022-1388	https://github.com/saucer-man/CVE-2022-1388	POC Details
19	CVE-2022-1388 POC exploit	https://github.com/superzerosec/CVE-2022-1388	POC Details
20	PoC For F5 BIG-IP - bash script Exploit one Liner	https://github.com/Stonzyy/Exploit-F5-CVE-2022-1388	POC Details
21	CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP addresses of devices that use BIG-IP. Exploitation would allow the attacker to execute arbitrary system commands, create and delete files and disable services.	https://github.com/MrCl0wnLab/Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter	POC Details
22	Reverse Shell for CVE-2022-1388	https://github.com/qusaialhaddad/F5-BigIP-CVE-2022-1388	POC Details
23	POC of CVE-2022-1388	https://github.com/chesterblue/CVE-2022-1388	POC Details
24	None	https://github.com/Angus-Team/F5-BIG-IP-RCE-CVE-2022-1388	POC Details
25	CVE-2022-1388-EXP可批量实现攻击	https://github.com/LinJacck/CVE-2022-1388-EXP	POC Details
26	Simple shell script for the exploit	https://github.com/iveresk/cve-2022-1388-1veresk	POC Details
27	BIG-IP iControl REST vulnerability CVE-2022-1388 PoC	https://github.com/shamo0/CVE-2022-1388	POC Details
28	None	https://github.com/vesperp/CVE-2022-1388-F5-BIG-IP	POC Details
29	Test and Exploit Scripts for CVE 2022-1388 (F5 Big-IP)	https://github.com/thatonesecguy/CVE-2022-1388-Exploit	POC Details
30	A Test API for testing the POC against CVE-2022-1388	https://github.com/bandit92/CVE2022-1388_TestAPI	POC Details
31	CVE-2022-1388-PocExp,新增了多线程,F5 BIG-IP RCE exploitation	https://github.com/aodsec/CVE-2022-1388-PocExp	POC Details
32	None	https://github.com/0xAgun/CVE-2022-1388	POC Details
33	None	https://github.com/AmirHoseinTangsiriNET/CVE-2022-1388-Scanner	POC Details
34	CVE-2022-1388 Scanner	https://github.com/EvilLizard666/CVE-2022-1388	POC Details
35	CVE-2022-1388	https://github.com/mr-vill4in/CVE-2022-1388	POC Details
36	This repository consists of the python exploit for CVE-2022-1388 (F5's BIG-IP Authentication Bypass to RCE)	https://github.com/omnigodz/CVE-2022-1388	POC Details
37	None	https://github.com/pauloink/CVE-2022-1388	POC Details
38	Nuclei Template for CVE-2022-1388	https://github.com/SecTheBit/CVE-2022-1388	POC Details
39	F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB	https://github.com/Zeyad-Azima/CVE-2022-1388	POC Details
40	Tool for CVE-2022-1388	https://github.com/justakazh/CVE-2022-1388	POC Details
41	An Improved Proof of Concept for CVE-2022-1388 w/ an Interactive Shell	https://github.com/PsychoSec2/CVE-2022-1388-POC	POC Details
42	Improved POC for CVE-2022-1388 that affects multiple F5 products.	https://github.com/iveresk/cve-2022-1388-iveresk-command-shell	POC Details
43	None	https://github.com/Wrin9/CVE-2022-1388	POC Details
44	CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in Rust	https://github.com/aancw/CVE-2022-1388-rs	POC Details
45	CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC集合	https://github.com/west9b/F5-BIG-IP-POC	POC Details
46	CVE-2022-1388	https://github.com/sashka3076/F5-BIG-IP-exploit	POC Details
47	CVE-2022-1388 \| F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint	https://github.com/li8u99/CVE-2022-1388	POC Details
48	Mass-Exploit-CVE-2022-1388	https://github.com/electr0lulz/Mass-CVE-2022-1388	POC Details
49	PoC for exploiting CVE-2022-1388 on BIG IP F5	https://github.com/Luchoane/CVE-2022-1388_refresh	POC Details
50	CVE-2022-1388, bypassing iControl REST authentication	https://github.com/jbharucha05/CVE-2022-1388	POC Details
51	cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE	https://github.com/On-Cyber-War/CVE-2022-1388	POC Details
52	cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE	https://github.com/OnCyberWar/CVE-2022-1388	POC Details
53	None	https://github.com/revanmalang/CVE-2022-1388	POC Details
54	None	https://github.com/amitlttwo/CVE-2022-1388	POC Details
55	Scan IP ranges for IP's vulnerable to the F5 Big IP exploit (CVE-2022-1388)	https://github.com/M4fiaB0y/CVE-2022-1388	POC Details
56	None	https://github.com/devengpk/CVE-2022-1388	POC Details
57	-- FOR EDUCATIONAL USE ONLY -- Proof-of-Concept RCE for CVE-2022-1388, plus some added functionality for blue and red teams	https://github.com/vaelwolf/CVE-2022-1388	POC Details
58	F5 BIG-IP Exploit Using CVE-2022-1388 and CVE-2022-41800	https://github.com/j-baines/tippa-my-tongue	POC Details
59	F5-BIG-IP Remote Code Execution Vulnerability CVE-2022-1388: A Case Study	https://github.com/SudeepaShiranthaka/F5-BIG-IP-Remote-Code-Execution-Vulnerability-CVE-2022-1388-A-Case-Study	POC Details
60	CVE-2022-1388 - F5 Router RCE Replica	https://github.com/battleofthebots/refresh	POC Details
61	CVE-2022-1388-PocExp,新增了多线程,F5 BIG-IP RCE exploitation	https://github.com/0x7eTeam/CVE-2022-1388-PocExp	POC Details
62	exploit poc	https://github.com/nvk0x/CVE-2022-1388-exploit	POC Details
63	PoC for CVE-2022-1388 affecting F5 BIG-IP.	https://github.com/nico989/CVE-2022-1388	POC Details
64	A remote code execution vulnerability exists in the iControl REST API feature of F5's BIG-IP product. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.	https://github.com/gotr00t0day/CVE-2022-1388	POC Details
65	CVE-2022-1388 \| F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint	https://github.com/Chocapikk/CVE-2022-1388	POC Details
66	cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE	https://github.com/forktheplanet/CVE-2022-1388	POC Details
67	Old weaponized CVE-2022-1388 exploit.	https://github.com/impost0r/CVE-2022-1388	POC Details
68	None	https://github.com/XiaomingX/CVE-2022-1388-poc	POC Details
69	None	https://github.com/XiaomingX/cve-2022-1388-poc	POC Details
70	F5 BIG-IP iControl REST API discovered and may be vulnerable to an authentication bypass (not tested).	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/exposed-panels/bigip-rest-panel.yaml	POC Details
71	F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-1388.yaml	POC Details
72	None	https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/F5%20BIG-IP%20iControl%20REST%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2022-1388.md	POC Details
73	None	https://github.com/r0otk3r/CVE-2022-1388	POC Details
74	cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE	https://github.com/ThinkingOffensively/CVE-2022-1388	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-1388

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: BIG-IP

Same vendor: F5

Same weakness: CWE-306

V. Comments for CVE-2022-1388

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-1388

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-1388

III. Intelligence Information for CVE-2022-1388

IV. Related Vulnerabilities

V. Comments for CVE-2022-1388

Leave a comment