ID: CVE-2022-1388

Last Modified: May 12, 2022

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Twitter Activity

Tweets last week: 10

Remaining steady

Yahoo Activity

Yahoo results: 0

Remaining steady

EPSS History

Current EPSS Score: 0.91511

Remaining steady


Reddit Activity

Reddit Posts: 34

Remaining steady

Github Repos

Github Repos: 57

Remaining steady

Exploits

Found exploits:

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: High

Availability: High

Base Score: 9.8

Exploitability Score: 3.9

Impact Score: 5.9

CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P


CWE-306

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt"; flow:to_server,established; http_uri; content:"/mgmt/tm/util/bash",fast_pattern,nocase; http_client_body; content:"command",nocase; metadata:policy max-detect-ips drop,policy security-ips drop,ruleset community; service:http; reference:cve,2022-1388; classtype:policy-violation; sid:57336; rev:3; )

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt"; flow:to_server,established; http_header; content:"Connection|3A|",nocase; content:"X-F5-Auth",distance 0,fast_pattern,nocase; pcre:"/^Connection:[^\r\n]*?X-F5-Auth/im"; metadata:policy balanced-ips drop,policy max-detect-ips drop,policy security-ips drop,ruleset community; service:http; reference:cve,2022-1388; classtype:attempted-user; sid:300131; rev:2; )

# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt"; flow:to_server,established; content:"/mgmt/tm/util/bash"; fast_pattern:only; http_uri; content:"command"; nocase; http_client_body; metadata:policy max-detect-ips drop, policy security-ips drop, ruleset community, service http; reference:cve,2022-1388; classtype:policy-violation; sid:57336; rev:3;)

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt"; flow:to_server,established; content:"Connection:"; nocase; http_header; content:"X-F5-Auth"; distance:0; fast_pattern; nocase; http_header; pcre:"/^Connection:[^\r\n]*?X-F5-Auth/Him"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, ruleset community, service http; reference:cve,2022-1388; classtype:attempted-user; sid:59735; rev:2;)

<?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <set operator="or"/>
        <set operator="or">
            <prop key="application" value="cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*"/>
            <prop key="application" value="cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*"/>
        </set>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
<?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>