MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed

This is stars and forks stats for /MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed repository. As of 03 May, 2024 this repository has 23 stars and 9 forks.

Nuclei Template CVE-2022-1388 BIG-IP iControl REST Exposed [ May 06, 2022 ] This only verifies the presence of the API by hitting the authentication endpoint This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only. This template is a simple check Send request: path {{BaseURL}}/mgmt/shared/authn/login matchers: words: "resterrorresponse" "message" status code: 401 POC Manual curl -sk --max-time 2 "https://{TARGET}/mgmt/shared/authn/login" | egrep "message|resterrorresponse" | jq { "code": 401, "message": "Authorization failed: no user authentication header or token detected. Uri:http://localhost:8100/mgmt/shared/authn/login Referrer:xxx.xxx.177.228 Sender:xxx.xxx.177.228", "referer": "xxx.xxx.177.228", "restOperationId": 1461894338, "kind": ":resterrorresponse" } Additional Details https://www.shodan.io/search?query=http.title%3A%22BIG-IP%26reg%3B-+Redirect%22 References https://twitter.com/1ZRR4H/status/1522165718975922178 https://support.f5.com/csp/article/K23605346 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1388 https://clouddocs.f5.com/products/big-iq/mgmt-api/v5.4/ApiReferences/bigiq_api_ref/r_auth_login.html https://github.com/tenable/audit_files/tree/master/cve-2022-1388 https://thehackernews.com/2022/05/f5-warns-of-new-critical-big-ip-remote.html