F5 BIG-IP iControl REST Authentication Bypass (CVE-2022-1388) for 2022-06-17

Jun 17, 2022 WebExploit

Last Updated: 12:00 UTC

CVE-2022-1388 is an authentication bypass (CVSS 9.8) in the F5 BIG-IP iControl REST API (/mgmt/tm/) that allows unauthenticated command execution on the management plane. Mass exploitation began within days of public disclosure, deploying webshells and cryptocurrency miners.

CVE References

CVE-2022-1388

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

/mgmt/tm/util/bash

Attackers by Country

IP Address : ASN : City/Provider

103.164.191.36 : AS17995 pt iforte global internet : Indonesia

Share on: