ID

VAR-202205-0394


CVE

CVE-2022-1388


TITLE

F5 BIG-IP Access control error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

DESCRIPTION

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Trust: 1.08

sources: NVD: CVE-2022-1388 // VULHUB: VHN-419501 // VULMON: CVE-2022-1388

AFFECTED PRODUCTS

vendor:f5model:big-ip global traffic managerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip analyticsscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:gteversion:11.6.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip global traffic managerscope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:ltversion:15.1.5.1

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:13.1.5

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip fraud protection servicescope:lteversion:12.1.6

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:ltversion:16.1.2.2

Trust: 1.0

vendor:f5model:big-ip analyticsscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip link controllerscope:ltversion:14.1.4.6

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:gteversion:16.1.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:lteversion:11.6.5

Trust: 1.0

vendor:f5model:big-ip analyticsscope:gteversion:13.1.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:ltversion:13.1.4

Trust: 1.0

sources: NVD: CVE-2022-1388

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-1388
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202205-2141
value: CRITICAL

Trust: 0.6

VUL-HUB: VHN-419501
value: HIGH RISK

Trust: 0.1

VULMON: CVE-2022-1388
value: HIGH

Trust: 0.1

NVD: CVE-2022-1388
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.1

VULHUB: VHN-419501
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD: CVE-2022-1388
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-419501 // VULMON: CVE-2022-1388 // CNNVD: CNNVD-202205-2141 // NVD: CVE-2022-1388

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

sources: VULHUB: VHN-419501 // NVD: CVE-2022-1388

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

CONFIGURATIONS

sources: NVD: CVE-2022-1388

PATCH

title:F5 BIG-IP Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191844

Trust: 0.6

title: - url:https://github.com/zephrfish/f5-cve-2022-1388-exploit

Trust: 0.1

title: - url:https://github.com/iveresk/cve-2022-1388-1veresk

Trust: 0.1

title: - url:https://github.com/chocapikk/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/trhacknon/f5-cve-2022-1388-exploit

Trust: 0.1

title: - url:https://github.com/thatonesecguy/cve-2022-1388-exploit

Trust: 0.1

title: - url:https://github.com/hudi233/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/evillizard666/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/zeyad-azima/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/justakazh/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/iveresk/cve-2022-1388-iveresk-command-shell

Trust: 0.1

title: - url:https://github.com/linjacck/cve-2022-1388-exp

Trust: 0.1

title: - url:https://github.com/aodsec/cve-2022-1388-pocexp

Trust: 0.1

title: - url:https://github.com/saucer-man/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/f5networks/f5-azure-arm-templates

Trust: 0.1

title: - url:https://github.com/sherlocksecurity/cve-2022-1388-exploit-poc

Trust: 0.1

title: - url:https://github.com/tomarni680/cve-2022-1388-rce

Trust: 0.1

title: - url:https://github.com/bytecaps/f5-big-ip-rce-check

Trust: 0.1

title: - url:https://github.com/jheeree/cve-2022-1388-checker

Trust: 0.1

title: - url:https://github.com/exploitpwner/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/mrcl0wnlab/nuclei-template-exploit-f5-big-ip-icontrol-rest-auth-bypass-rce-command-parameter

Trust: 0.1

title: - url:https://github.com/shamo0/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/qusaialhaddad/f5-bigip-cve-2022-1388

Trust: 0.1

title: - url:https://github.com/f5networks/f5-azure-arm-templates-v2

Trust: 0.1

title: - url:https://github.com/f5networks/f5-google-gdm-templates-v2

Trust: 0.1

title: - url:https://github.com/mr-vill4in/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/secthebit/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/psychosec2/cve-2022-1388-poc

Trust: 0.1

title: - url:https://github.com/henry4e36/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/horizon3ai/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/mrcl0wnlab/nuclei-template-exploit-cve-2022-1388-big-ip-icontrol-rest

Trust: 0.1

title: - url:https://github.com/xt3heho29/20220718

Trust: 0.1

title: - url:https://github.com/blind-intruder/cve-2022-1388-rce-checker

Trust: 0.1

title: - url:https://github.com/0xf4n9x/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/superzerosec/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/bandit92/cve2022-1388_testapi

Trust: 0.1

title: - url:https://github.com/chesterblue/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/kuznyjan1972/cve-2022-1388-mass

Trust: 0.1

title: - url:https://github.com/xmassnowisback/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/aancw/cve-2022-1388-rs

Trust: 0.1

title: - url:https://github.com/trhacknon/cve-2022-1388-pocexp

Trust: 0.1

title: - url:https://github.com/numanturle/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/mrcl0wnlab/nuclei-template-cve-2022-1388-big-ip-icontrol-rest-exposed

Trust: 0.1

title: - url:https://github.com/exploitpwner/cve-2022-1388-big-ip-mass-exploit

Trust: 0.1

title: - url:https://github.com/getdrive/f5-big-ip-exploit

Trust: 0.1

title: - url:https://github.com/bushidouk/bushidouk

Trust: 0.1

title: - url:https://github.com/killvxk/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/vulnmachines/f5-big-ip-cve-2022-1388

Trust: 0.1

title: - url:https://github.com/bishopfox/bigip-scanner

Trust: 0.1

title: - url:https://github.com/amirhoseintangsirinet/cve-2022-1388-scanner

Trust: 0.1

title: - url:https://github.com/blind-intruder/exploit-cve

Trust: 0.1

title: - url:https://github.com/seciurdt/cve-2022-1388-mass

Trust: 0.1

title: - url:https://github.com/jbharucha05/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/luchoane/cve-2022-1388_refresh

Trust: 0.1

title: - url:https://github.com/blind-intruder/cve-2022-1388-rce-checker-and-poc-exploit

Trust: 0.1

title: - url:https://github.com/stonzyy/exploit-f5-cve-2022-1388

Trust: 0.1

title: - url:https://github.com/vesperp/cve-2022-1388-f5-big-ip

Trust: 0.1

title: - url:https://github.com/alt3kx/cve-2022-1388_poc

Trust: 0.1

title: - url:https://github.com/sherlocksecurity/cve-2022-1388_f5_big-ip

Trust: 0.1

title: - url:https://github.com/yukar1z0e/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/trhacknon/cve-2022-1388-rce-checker

Trust: 0.1

title: - url:https://github.com/f5networks/f5-aws-cloudformation-v2

Trust: 0.1

title: - url:https://github.com/hackeyes/cve-2022-1388-poc

Trust: 0.1

title: - url:https://github.com/trhacknon/exploit-f5-cve-2022-1388

Trust: 0.1

title: - url:https://github.com/wrin9/cve-2022-1388

Trust: 0.1

title: - url:https://github.com/psc4re/nuclei-templates

Trust: 0.1

title: - url:https://github.com/holyshitbruh/2022-2021-f5-big-ip-iq-rce

Trust: 0.1

title: - url:https://github.com/osyanina/westone-cve-2022-1388-scanner

Trust: 0.1

title: - url:https://github.com/holyshitbruh/20221-2021-f5-big-ip-iq-rce

Trust: 0.1

title: - url:https://github.com/ajq2679/personal-checkout-list

Trust: 0.1

title: - url:https://github.com/holyshitbruh/2022-2021-rce

Trust: 0.1

title: - url:https://github.com/west9b/f5-big-ip-poc

Trust: 0.1

title: - url:https://github.com/r0exper/edge_vul_2022

Trust: 0.1

title: - url:https://github.com/merlinepedra/redteam_toolkit

Trust: 0.1

title: - url:https://github.com/merlinepedra25/redteam_toolkit

Trust: 0.1

title: - url:https://github.com/superzerosec/poc-exploit-index

Trust: 0.1

title: - url:https://github.com/warriordog/little-log-scan

Trust: 0.1

title: - url:https://github.com/gotosec/penetration_testing_poc

Trust: 0.1

title: - url:https://github.com/jerry123s/all-poc

Trust: 0.1

title: - url:https://github.com/cyberanand1337x/bug-bounty-2022

Trust: 0.1

title:Threatposturl:https://threatpost.com/enemybot-malware-targets-web-servers-cms-tools-and-android-os/179765/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisa-tells-federal-agencies-to-fix-actively-exploited-f5-big-ip-bug/

Trust: 0.1

title:Threatposturl:https://threatpost.com/exploit-f5-big-ip-bug/179563/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-exploited-to-wipe-devices/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-targeted-by-destructive-attacks/

Trust: 0.1

title:Threatposturl:https://threatpost.com/f5-critical-bugbig-ip-systems/179514/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/07/27/palo_alto_unit_42/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/exploits-created-for-critical-f5-big-ip-flaw-install-patch-immediately/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/06/01/enemybot-botnet-exploits/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-to-block-ongoing-f5-big-ip-attacks/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/05/06/cisco-f5-networking-vulnerabilities/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/f5-warns-of-critical-big-ip-rce-bug-allowing-device-takeover/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-f5-big-ip-flaw-to-drop-backdoors/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-f5-big-ip-bug-public-exploits-released/

Trust: 0.1

sources: VULMON: CVE-2022-1388 // CNNVD: CNNVD-202205-2141

EXTERNAL IDS

db:NVDid:CVE-2022-1388

Trust: 1.8

db:PACKETSTORMid:167007

Trust: 1.7

db:PACKETSTORMid:167150

Trust: 1.7

db:PACKETSTORMid:167118

Trust: 1.7

db:EXPLOIT-DBid:50932

Trust: 0.6

db:CS-HELPid:SB2022051005

Trust: 0.6

db:CXSECURITYid:WLB-2022050040

Trust: 0.6

db:CNNVDid:CNNVD-202205-2141

Trust: 0.6

db:VULHUBid:VHN-419501

Trust: 0.1

db:VULMONid:CVE-2022-1388

Trust: 0.1

sources: VULHUB: VHN-419501 // VULMON: CVE-2022-1388 // CNNVD: CNNVD-202205-2141 // NVD: CVE-2022-1388

REFERENCES

url:http://packetstormsecurity.com/files/167007/f5-big-ip-remote-code-execution.html

Trust: 2.3

url:http://packetstormsecurity.com/files/167150/f5-big-ip-icontrol-remote-code-execution.html

Trust: 2.3

url:https://support.f5.com/csp/article/k23605346

Trust: 1.7

url:http://packetstormsecurity.com/files/167118/f5-big-ip-16.0.x-remote-code-execution.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-1388/

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022050040

Trust: 0.6

url:https://www.exploit-db.com/exploits/50932

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051005

Trust: 0.6

url:https://vigilance.fr/vulnerability/f5-big-ip-multiple-vulnerabilities-38241

Trust: 0.6

url:https://vigilance.fr/vulnerability/f5-big-ip-code-execution-via-icontrol-rest-38284

Trust: 0.6

url:cve-2022-1388

Trust: 0.2

url:167150

Trust: 0.1

url:167118

Trust: 0.1

url:167007

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://threatpost.com/f5-critical-bugbig-ip-systems/179514/

Trust: 0.1

url:https://github.com/zephrfish/f5-cve-2022-1388-exploit

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-419501 // VULMON: CVE-2022-1388 // CNNVD: CNNVD-202205-2141 // NVD: CVE-2022-1388

CREDITS

Alt3kx

Trust: 0.6

sources: CNNVD: CNNVD-202205-2141

SOURCES

db:VULHUBid:VHN-419501
db:VULMONid:CVE-2022-1388
db:CNNVDid:CNNVD-202205-2141
db:NVDid:CVE-2022-1388

LAST UPDATE DATE

2022-10-04T01:13:05.313000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-419501date:2022-05-12T00:00:00
db:VULMONid:CVE-2022-1388date:2022-09-30T00:00:00
db:CNNVDid:CNNVD-202205-2141date:2022-05-16T00:00:00
db:NVDid:CVE-2022-1388date:2022-09-30T02:27:00

SOURCES RELEASE DATE

db:VULHUBid:VHN-419501date:2022-05-05T00:00:00
db:VULMONid:CVE-2022-1388date:2022-05-05T00:00:00
db:CNNVDid:CNNVD-202205-2141date:2022-05-04T00:00:00
db:NVDid:CVE-2022-1388date:2022-05-05T17:15:00