Exploit for #VU62910 Missing Authentication for Critical Function in BIG-IP

Vulnerability identifier: #VU62910

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2022-1388

CWE-ID: CWE-306

Exploitation vector: Network

Exploits in database: 63

• January 7, 2024
  • CVE-2022-1388-exploit (exploit poc) [Github]
• April 16, 2023
  • CVE-2022-1388-EXP (CVE-2022-1388 F5 BIG-IP RCE 批量检测) [Github]
• December 27, 2022
  • CVE-2022-1388 (-- FOR EDUCATIONAL USE ONLY -- Proof-of-Concept RCE for CVE-2022-1388, plus some added functionality for blue and red teams) [Github]
• December 22, 2022
  • CVE-2022-1388 () [Github]
• December 11, 2022
  • CVE-2022-1388 (Scan IP ranges for IP's vulnerable to the F5 Big IP exploit (CVE-2022-1388)) [Github]
• December 7, 2022
  • CVE-2022-1388 () [Github]
• November 30, 2022
  • CVE-2022-1388 () [Github]
• October 26, 2022
  • CVE-2022-1388 (cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE) [Github]
  • CVE-2022-1388 (cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE) [Github]
• October 2, 2022
  • CVE-2022-1388-RCE-checker () [Github]
• July 4, 2022
  • CVE-2022-1388 (CVE-2022-1388, bypassing iControl REST authentication) [Github]
• July 3, 2022
  • CVE-2022-1388_refresh (PoC for exploiting CVE-2022-1388 on BIG IP F5) [Github]
• June 24, 2022
  • Mass-CVE-2022-1388 (Mass-Exploit-CVE-2022-1388) [Github]
• June 21, 2022
  • CVE-2022-1388 (CVE-2022-1388 | F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint) [Github]
• May 29, 2022
  • F5-CVE-2022-1388-Exploit () [Github]
  • Exploit-F5-CVE-2022-1388 () [Github]
  • CVE-2022-1388-PocExp () [Github]
  • F5-BIG-IP-POC (CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC集合) [Github]
• May 17, 2022
  • F5-BIG-IP-exploit (CVE-2022-1388) [Github]
  • CVE-2022-1388-rs (CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in Rust) [Github]
• May 16, 2022
  • CVE-2022-1388-POC (An Improved Proof of Concept for CVE-2022-1388 w/ an Interactive Shell) [Github]
  • CVE-2022-1388 (Tool for CVE-2022-1388 ) [Github]
  • CVE-2022-1388-Exploit-POC (PoC for CVE-2022-1388_F5_BIG-IP) [Github]
  • cve-2022-1388-iveresk-command-shell (Improved POC for CVE-2022-1388 that affects multiple F5 products.) [Github]
• May 14, 2022
  • F5 BIG-IP 16.0.x - Remote Code Execution (RCE) [Exploit-DB]
• May 12, 2022
  • CVE-2022-1388 () [Github]
  • F5 BIG-IP iControl RCE via REST Authentication Bypass [Metasploit]
• May 11, 2022
  • F5-BIG-IP-RCE-Check (CVE-2022-1388 F5 BIG-IP iControl Rest API exposed RCE Check) [Github]
  • CVE-2022-1388-RCE-checker () [Github]
  • CVE-2022-1388_F5_BIG-IP (PoC for CVE-2022-1388_F5_BIG-IP) [Github]
  • CVE-2022-1388-checker (Simple script realizado en bash, para revisión de múltiples hosts para CVE-2022-1388 (F5)) [Github]
  • CVE-2022-1388 (CVE-2022-1388 F5 BIG-IP iControl REST身份验证绕过漏洞) [Github]
  • CVE-2022-1388 (batch scan CVE-2022-1388) [Github]
  • CVE-2022-1388 (CVE-2022-1388) [Github]
  • CVE-2022-1388 () [Github]
  • CVE-2022-1388 (POC of CVE-2022-1388) [Github]
  • F5-BIG-IP-RCE-CVE-2022-1388 () [Github]
  • cve-2022-1388-1veresk (Simple shell script for the exploit) [Github]
  • CVE-2022-1388-F5-BIG-IP () [Github]
  • CVE-2022-1388-EXP (CVE-2022-1388-EXP可批量实现攻击) [Github]
  • CVE-2022-1388-Exploit (Test and Exploit Scripts for CVE 2022-1388 (F5 Big-IP)) [Github]
  • CVE2022-1388_TestAPI (A Test API for testing the POC against CVE-2022-1388) [Github]
  • CVE-2022-1388-PocExp (CVE-2022-1388-PocExp,新增了多线程,F5 BIG-IP RCE exploitation) [Github]
  • CVE-2022-1388 (CVE-2022-1388 POC exploit) [Github]
  • F5-BigIP-CVE-2022-1388 (Reverse Shell for CVE-2022-1388) [Github]
  • CVE-2022-1388 (CVE-2022-1388_goby_pocsuite3) [Github]
  • CVE-2022-1388_F5_BIG-IP_RCE (PoC for CVE-2022-1388_F5_BIG-IP) [Github]
  • CVE-2022-1388 (CVE-2022-1388 Scanner) [Github]
  • CVE-2022-1388 (CVE-2022-1388) [Github]
  • CVE-2022-1388 (CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE) [Github]
  • CVE-2022-1388-EXP (CVE-2022-1388 F5 BIG-IP RCE 批量检测) [Github]
  • CVE-2022-1388 () [Github]
  • CVE-2022-1388 (This repository consists of the python exploit for CVE-2022-1388 (F5's BIG-IP Authentication Bypass to RCE) ) [Github]
  • CVE-2022-1388 (BIG-IP iControl REST vulnerability CVE-2022-1388 PoC) [Github]
  • CVE-2022-1388-RCE-checker-and-POC-Exploit () [Github]
  • CVE-2022-1388-Scanner () [Github]
• May 10, 2022
  • CVE-2022-1388_PoC (F5 BIG-IP RCE exploitation (CVE-2022-1388)) [Github]
  • CVE-2022-1388 (F5 BIG-IP iControl REST身份验证绕过漏洞) [Github]
  • F5-Big-IP-CVE-2022-1388 (CVE-2022-1388 F5 Big IP unauth remote code execution) [Github]
  • CVE-2022-1388 (CVE-2022-1388 F5 BIG-IP iControl REST RCE) [Github]
  • Exploit-F5-CVE-2022-1388 (PoC For F5 BIG-IP - bash script Exploit one Liner) [Github]
  • Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter (CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST [Github]
  • CVE-2022-1388 (POC for CVE-2022-1388) [Github]

Vulnerable software:
BIG-IP
Hardware solutions / Firmware

Vendor: F5 Networks