hackeyes / CVE-2022-1388-POC

BIG-IP iCONTROL REST AUTH BYPASS RCE POC CVE-2022-1388

CVE-2022-1388-POC

BIG-IP iCONTROL REST API AUTH BYPASS /RCE EXPLOIT BIG-IP RCE 2022

DETAILS:

The iControl REST API of BIG-IP contains a flaw with a CVSS score of 9.8: sending a (REDACTED) request to the auth backend bypasses authentication and allows executing arbitrary system commands and creating or deleting files.

MITIGATION:

See https://support.f5.com/csp/article/K23605346. Only 12.x and 11.x will not receive the update (they need manual mitigations). As advice, block iControl REST access through the self IP.
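To check the self-IP advice above, the following added example (not code from this repository) parses `tmsh list net self` output and lists self IPs whose port lockdown still lets HTTPS through. The self IP names and addresses are constructed, and the port assumptions are marked in the comments.

```python
import re

# Constructed sample of `tmsh list net self` output (names and addresses are made up).
SAMPLE = """\
net self external_self {
    address 203.0.113.10/24
    allow-service {
        default
    }
}
net self internal_self {
    address 10.1.20.5/24
    allow-service all
}
net self ha_self {
    address 10.1.30.5/24
    allow-service {
        tcp:4353
    }
}
net self dmz_self {
    address 10.1.40.5/24
}
"""

# Assumption: iControl REST is reached over HTTPS on tcp:443 (tcp:8443 on
# single-NIC virtual editions) and the "default" lockdown list includes tcp:443.
REST_PORTS = {"tcp:443", "tcp:8443"}
# A stanza ends at the first "}" in column 0; nested braces are indented.
STANZA = re.compile(r"^net self (\S+) \{\n(.*?)^\}", re.M | re.S)
ALLOW = re.compile(r"allow-service\s+(?:\{([^}]*)\}|(\S+))")

def parse_self_ips(text):
    """Map self IP name -> set of allow-service entries (empty set = none)."""
    out = {}
    for name, body in STANZA.findall(text):
        m = ALLOW.search(body)
        out[name] = set((m.group(1) or m.group(2) or "").split()) if m else set()
    return out

def audit(text):
    """Return the names of self IPs that still permit access to the REST ports."""
    risky = {"all", "default"} | REST_PORTS
    return sorted(n for n, svc in parse_self_ips(text).items() if svc & risky)

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: exposed; fix: tmsh modify net self {name} allow-service none")
```

Run it against saved output from each device. A self IP that needs other services can use a custom allow list that leaves out the HTTPS port instead of `none`.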

This exploit has been restricted to 3 copies to avoid abuse.

The script supports ip/ip-list and is multithreaded: https://satoshidisk.com/pay/CFMVKB

Languages

Language:Python 100.0%