
CVE-2022-1388-POC

BIG-IP iCONTROL REST API AUTH BYPASS/RCE EXPLOIT (BIG-IP RCE 2022)

DETAILS:

The iControl REST API of BIG-IP contains a flaw with a CVSS score of 9.8: sending a (REDACTED) request to the auth backend bypasses authentication and allows executing arbitrary system commands and creating or deleting files.

MITIGATION:

See https://support.f5.com/csp/article/K23605346. Only 12.x and 11.x will not receive the update and need manual mitigations. As advice, block iControl REST access through the self IP.
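An added example, not part of the original README or of F5's tooling: a Python audit for the self-IP advice above that reads `tmsh list net self`-style text and reports self IPs whose port lockdown still admits the HTTPS port. The sample config, the port names and the treatment of `default`/`all` as admitting that port are assumptions to adjust per deployment.

```python
import re

# Constructed sample modelled on `tmsh list net self` output (not from a real device).
SAMPLE = """\
net self internal_self {
    address 10.1.20.1/24
    allow-service {
        default
    }
}
net self external_self {
    address 203.0.113.10/24
    allow-service {
        tcp:443
        tcp:22
    }
}
net self ha_self {
    address 10.1.30.1/24
    allow-service none
}
"""

# Assumption: iControl REST is reached over the HTTPS configuration port.
REST_PORTS = {"tcp:443", "tcp:https"}
BROAD = {"all", "default"}  # assumption: both settings admit the HTTPS port

def parse_self_ips(text):
    """Return {self_ip_name: set of allow-service entries} from tmsh-style text."""
    result = {}
    for m in re.finditer(r"^net self (\S+) \{\n(.*?)^\}", text, re.S | re.M):
        name, body = m.group(1), m.group(2)
        block = re.search(r"allow-service \{(.*?)\}", body, re.S)
        if block:
            entries = set(block.group(1).split())
        else:
            inline = re.search(r"allow-service (\S+)", body)
            entries = {inline.group(1)} if inline else set()
        entries.discard("none")  # "none" and a missing setting both mean locked down
        result[name] = entries
    return result

def exposed_self_ips(text, rest_ports=REST_PORTS):
    """Names of self IPs whose port lockdown still admits the REST port."""
    return sorted(n for n, e in parse_self_ips(text).items() if e & (rest_ports | BROAD))

if __name__ == "__main__":
    for name in exposed_self_ips(SAMPLE):
        print(f"{name}: HTTPS port allowed on self IP, restrict or set allow-service none")
```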

This exploit has been restricted to 3 copies to avoid abuse.

The script supports ip/ip-list and is multithreaded: https://satoshidisk.com/pay/CFMVKB