Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager CVE-2022-1388

Name: Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager CVE-2022-1388
Rating: 5 (284 reviews)

2024-01-09 | CVSS 9.8

## https://sploitus.com/exploit?id=A6CCA51E-2A51-52B2-A2E6-4518F7790F37
# CVE-2022-1388
PoC for CVE-2022-1388 affecting F5 BIG-IP.

# Usage
```
$ ./poc.sh --help
Usage: poc.sh [--help] --file FILE --scan --exploit [--payload PAYLOAD] 

CVE-2022-1388 PoC script.
One or multiple IPs can be scanned.

Arguments:
  --help                   Show this help message and exit.
  --file FILE              File list containing one or multiple IPs to test.
  --scan                   Scan the target IPs.
  --exploit                Exploit the target IPs.
  --payload PAYLOAD        Payload to be executed (default command "whoami").
```

# References
- https://nvd.nist.gov/vuln/detail/CVE-2022-1388
- https://my.f5.com/manage/s/article/K23605346