Main Vulnerability Database Exploits ID:9489 - Exploit for Missing Authentication for Critical Function in BIG-IP - CVE-2022-1388

ID:9489 - Exploit for Missing Authentication for Critical Function in BIG-IP - CVE-2022-1388

Published: January 7, 2024

Vulnerability identifier: #VU62910

Vulnerability risk: High

CVE-ID: CVE-2022-1388

CWE-ID: CWE-306

Exploitation vector: Remote access

Vulnerable software:
BIG-IP

Link to public exploit:

https://github.com/nvk0x/CVE-2022-1388-exploit

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authentication in iControl REST API at "/mgmt/tm/util/bash". A remote non-authenticated attacker can send a specially crafted HTTP POST request to the management port and/or self IP addresses and execute arbitrary commands on the system.

Successful exploitation of the vulnerability may result in full system compromise.

Remediation

Install updates from vendor's website.

ID:9489 - Exploit for Missing Authentication for Critical Function in BIG-IP - CVE-2022-1388

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human