漏洞平台

POC详情： 0d40f4edb0860dac3cad95412a1ecf3c828461e2

来源

https://github.com/MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed

关联漏洞

标题： F5 BIG-IP 访问控制错误漏洞 (CVE-2022-1388)
描述：F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP 存在访问控制错误漏洞，攻击者可以通过未公开的请求利用该漏洞绕过BIG-IP中的iControl REST身份验证来控制受影响的系统。

描述

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

介绍

# Nuclei Template CVE-2022-1388 BIG-IP iControl REST Exposed
* [ May 06, 2022 ] This only verifies the presence of the API by hitting the authentication endpoint 

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

![print](https://user-images.githubusercontent.com/17049332/166927576-81370d09-bfbf-48f5-9df3-f6f234684d4d.png)



### This template is a simple check
Send request:
- path 
  - {{BaseURL}}/mgmt/shared/authn/login
- matchers:
  - words:
      - "resterrorresponse"
      - "message"
  - status code:
    - 401

### POC Manual
```
curl -sk --max-time 2 "https://{TARGET}/mgmt/shared/authn/login" | egrep  "message|resterrorresponse" | jq
```
```json
{
    "code": 401,
    "message": "Authorization failed: no user authentication header or token detected. Uri:http://localhost:8100/mgmt/shared/authn/login   Referrer:xxx.xxx.177.228 Sender:xxx.xxx.177.228",
    "referer": "xxx.xxx.177.228",
    "restOperationId": 1461894338,
    "kind": ":resterrorresponse"
}
```

### Additional Details
- https://www.shodan.io/search?query=http.title%3A%22BIG-IP%26reg%3B-+Redirect%22

### References
- https://twitter.com/1ZRR4H/status/1522165718975922178
- https://support.f5.com/csp/article/K23605346
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1388
- https://clouddocs.f5.com/products/big-iq/mgmt-api/v5.4/ApiReferences/bigiq_api_ref/r_auth_login.html
- https://github.com/tenable/audit_files/tree/master/cve-2022-1388
- https://thehackernews.com/2022/05/f5-warns-of-new-critical-big-ip-remote.html

文件快照


 [4.0K]  /data/pocs/0d40f4edb0860dac3cad95412a1ecf3c828461e2
├── [ 958]  CVE-2022-1388.yaml
└── [1.7K]  README.md

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。