F5 BIG-IP - Remote Code Execution (CVE-2022-1388)
- Severity
- CVSSv3 Score
- 9.8
- Exploitable with Sniper
- Yes
- Vulnerability description
F5 BIG-IP server is affected by a Remote Code Execution vulnerability, located in the iControl REST interface endpoint, which is publicly accessible. The root cause of this vulnerability consists in an authentication bypassing flaw. This allows an unauthenticated malicious attacker to execute arbitrary system commands on the server.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the F5 BIG-IP server in order to steal confidential information, install ransomware or pivot to the internal network.
- Recommendation
Upgrade F5 BIG-IP server to the latest version or to a non-vulnerable version listed in K23605346.
- References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1388
https://support.f5.com/csp/article/K23605346- Detectable with
- Network Scanner
- Vuln date
- May 2022
- Published at
- Updated at
- Software Type
- VPN gateway
- Vendor
- F5
- Product
- BIG IP
- Codename
- Not available
