MrCl0wnLab / Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Nuclei Template CVE-2022-1388 BIG-IP iControl REST Exposed

  • [ May 06, 2022 ] This only verifies the presence of the API by hitting the authentication endpoint

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

print

This template is a simple check

Send request:

  • path
    • {{BaseURL}}/mgmt/shared/authn/login
  • matchers:
    • words:
      • "resterrorresponse"
      • "message"
    • status code:
      • 401

POC Manual

curl -sk --max-time 2 "https://{TARGET}/mgmt/shared/authn/login" | egrep  "message|resterrorresponse" | jq
{
    "code": 401,
    "message": "Authorization failed: no user authentication header or token detected. Uri:http://localhost:8100/mgmt/shared/authn/login   Referrer:xxx.xxx.177.228 Sender:xxx.xxx.177.228",
    "referer": "xxx.xxx.177.228",
    "restOperationId": 1461894338,
    "kind": ":resterrorresponse"
}

Additional Details

References

About

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.