This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.
./CVE-2022-1388.sh <ip_addr>
- F5 BIG-IP 16.1.0 - 16.1.2
- F5 BIG-IP 15.1.0 - 15.1.5
- F5 BIG-IP 14.1.0 - 14.1.4
- F5 BIG-IP 13.1.0 - 13.1.4
- F5 BIG-IP 12.1.0 - 12.1.6 (will not be fixed)
- F5 BIG-IP 11.6.1 - 11.6.5 (will not be fixed)
https://support.f5.com/csp/article/K23605346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1388
⚠️ Any malicious use of the contents from this repo will not hold the author responsible, the contents are solely for educational purpose.