/CVE-2022-1388

CVE-2022-1388 | F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint

Primary LanguagePython

F5-CVE-2022-1388-Exploit

Exploit and Check Script for CVE 2022-1388

Usage

bash
     _____  _   _  _____        _____  _____  _____  _____        __   _____  _____  _____ 
    /  __ \| | | ||  ___|      / __  \|  _  |/ __  \/ __  \      /  | |____ ||  _  ||  _  |
    | /  \/| | | || |__  ______`' / /'| |/' |`' / /'`' / /'______`| |     / / \ V /  \ V / 
    | |    | | | ||  __||______| / /  |  /| |  / /    / / |______|| |     \ \ / _ \  / _ \ 
    | \__/\ \_/ /| |___       ./ /___\ |_/ /./ /___./ /___      _| |_.___/ /| |_| || |_| |
     \____/ \___/ \____/       \_____/ \___/ \_____/\_____/      \___/\____/ \_____ \_____/                                         
                                                      
    

    CVE-2022-1388 F5 Exploit [ Valentin Lobstein ]
    Usage:
            Exploit Host: python3 CVE_2022_1388.py -u target_url -c command 
            Exploit List: python3 CVE_2022_1388.py -f file -c command
            ( Command is not required )

Detection:

Scanning for /mgmt/tm/util/bash as an endpoint, likely to be in web server logs. Or if you have a F5 go patch it, the affected versions are shown below and the patch is available here https://support.f5.com/csp/article/K23605346

Zoomeye Dork:


zoomeye search 'banner:"BIG-IP Configuration Utility"'  -num 1000  -filter=ip,port
zoomeye search 'title:"BIG-IP®-+Redirect"+"Server"'  -num 10  -filter=ip,port


Shodan Dork:


shodan  search 'http.html:"BIG-IP Configuration Utility"' --fields=ip_str,port --separator ":" --limit 10 | grep ''
shodan  search 'http.title:"BIG-IP®-+Redirect"+"Server"' --fields=ip_str,port --separator ":" --limit 10 | grep ''

Vulnerable Versions

  • BIG-IP versions 16.1.0 to 16.1.2 (Patch released)
  • BIG-IP versions 15.1.0 to 15.1.5 (Patch released)
  • BIG-IP versions 14.1.0 to 14.1.4 (Patch released)
  • BIG-IP versions 13.1.0 to 13.1.4 (Patch released)
  • BIG-IP versions 12.1.0 to 12.1.6 (End of Support)
  • BIG-IP versions 11.6.1 to 11.6.5 (End of Support)