CVE-2022-1388

Description from NVD

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Information Acquisition Date: 2023-04-13T22:31Z
CVSS 2.0: 7.5 HIGH
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://support.f5.com/csp/article/K23605346
     source: MISC
     tags: Mitigation, Vendor Advisory
 http://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry
 http://packetstormsecurity.com/files/167118/F5-BIG-IP-16.0.x-Remote-Code-Execution.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry
 http://packetstormsecurity.com/files/167150/F5-BIG-IP-iControl-Remote-Code-Execution.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry

This vulnerability may involve a PoC.


Software Tag: Apache(1 tweets) BIG-IP(12 tweets)



List of frequently cited URLs

URL    Num of Times Referred to
http://twinybots.ch    55
https://cvetrends.com    49
https://lists.astaro.com/ASGV9-IPS-rules.html#0    28
https://www.randori.com/blog/vulnerability-analysis-cve-202...    16
http://cyberiqs.com/latestnews    10
https://securityaffairs.co/wordpress/131102/hacking/f5-big-...    9
http://t.me/gobies    8
https://htn.to/3B1kWBcJE8    7
https://tweetedtimes.com/thinksnews?s=tnp    7
https://b.hatena.ne.jp/entry/s/www.itmedia.co.jp/news/artic...    6
https://thehackernews.com/2022/05/f5-warns-of-new-critical-...    6
https://unit42.paloaltonetworks.com/cve-2022-1388    6
https://opsmtrs.com/2ZFbaTl    5
https://x.x.x.x:443/mgmt/tm/util/bash    5
https://attackerkb.com/topics/SN5WCzYO7W/cve-2022-1388/rapi...    5
https://us-cert.cisa.gov/ncas/current-activity/2022/05/18/t...    5
https://www.synacktiv.com/publications/cve-2022-31813-forwa...    5
https://www.securityweek.com/f5-big-ip-attacker-crosshairs-...    5
http://$ip/mgmt/tm/util/bash    4
https://github.com/jheeree/CVE-2022-1388-checker    4
http://go.usa.gov/xuuWb    4
https://fourcore.io/blogs/f5-big-ip-cve-2022-1388-unauthent...    4
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/1...    4
https://www.rapid7.com/blog/post/2022/05/09/active-exploita...    4
https://www.horizon3.ai/f5-icontrol-rest-endpoint-authentic...    4
https://cybersecurity.att.com/blogs/labs-research/rapidly-e...    4
https://www.itsecuritynews.info/threat-actors-exploiting-f5...    4
https://www.socinvestigation.com/detecting-and-preventing-f...    4
https://bit.ly/3N2gJyH    3
https://ift.tt/qIpiVJc    3
https://vuldb.com/?ctiid.199100    3
https://bfx.social/3yp9lt7    3
https://twitter.com/1ZRR4H/status/1522165718975922178    3
https://www.scythe.io/library/f5-big-ip-cve-2022-1388    3
https://www.shodan.io/search?query=http.title%3A%22BIG-IP%2...    3
https://support.f5.com/csp/article/K23605346    3
https://www.reddit.com/r/netsec/comments/ulppoj/poc_for_cve...    3
https://arstechnica.com/information-technology/2022/05/hack...    3
https://bazaar.abuse.ch/browse/tag/CVE-2022-1388    3
https://nathandavison.com/blog/abusing-http-hop-by-hop-requ...    3
https://blogs.jpcert.or.jp/ja/2022/09/bigip-exploit.html    3
https://thestack.technology/critical-new-big-ip-vulnerabili...    3
https://www.hackplayers.com/2022/05/explotacion-masiva-de-f...    3
https://blog.segu-info.com.ar/2022/05/vulnerabilidad-critic...    3
https://securityboulevard.com/2022/05/cve-2022-1388-critica...    3
https://www.clone-systems.com/purchase-pci-compliance-scanning    3
https://packetstormsecurity.com/files/167007/CVE-2022-1388-...    3
https://securityforeveryone.com/tools/f5-big-ip-icontrol-re...    3
https://www.helpnetsecurity.com/2022/05/05/cve-2022-1388    3
https://www.bleepingcomputer.com/news/security/f5-warns-of-...    3
https://ipssignatures.appspot.com/?cve=CVE-2022-1388    3
https://informationsecuritybuzz.com/expert-comments/horizon...    3


GitHub Search Results: Up to 10
Name    URL
horizon3ai/CVE-2022-1388 https://github.com/horizon3ai/CVE-2022-1388
0xf4n9x/CVE-2022-1388 https://github.com/0xf4n9x/CVE-2022-1388
bytecaps/CVE-2022-1388-EXP https://github.com/bytecaps/CVE-2022-1388-EXP
alt3kx/CVE-2022-1388_PoC https://github.com/alt3kx/CVE-2022-1388_PoC
ZephrFish/F5-CVE-2022-1388-Exploit https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit
numanturle/CVE-2022-1388 https://github.com/numanturle/CVE-2022-1388
sherlocksecurity/CVE-2022-1388-Exploit-POC https://github.com/sherlocksecurity/CVE-2022-1388-Exploit-POC
jheeree/CVE-2022-1388-checker https://github.com/jheeree/CVE-2022-1388-checker
Al1ex/CVE-2022-1388 https://github.com/Al1ex/CVE-2022-1388
Zeyad-Azima/CVE-2022-1388 https://github.com/Zeyad-Azima/CVE-2022-1388

2023/04/16 Score : 0
Added Har-sia Database : 2022/05/05
Last Modified : 2023/04/16
Highest Scored Date : 2022/05/10
Highest Score : 326