F5-CVE-2022-1388-Exploit
Exploit and Check Script for CVE 2022-1388
Usage
Check against single host
python3 CVE-2022-1388.py -v true -u target_url
Attack host and test command
python CVE_2022_1388.py -a true -u target_url -c command
Attack list of hosts
python CVE_2022_1388.py -s true -f file
masscheck.py will take a file input and check the hosts are vulnerable without exploiting them.
Detection:
Scanning for /mgmt/tm/util/bash as an endpoint, likely to be in web server logs. Or if you have a F5 go patch it, the affected versions are shown below and the patch is available here https://support.f5.com/csp/article/K23605346
Vulnerable Versions
- BIG-IP versions 16.1.0 to 16.1.2 (Patch released)
- BIG-IP versions 15.1.0 to 15.1.5 (Patch released)
- BIG-IP versions 14.1.0 to 14.1.4 (Patch released)
- BIG-IP versions 13.1.0 to 13.1.4 (Patch released)
- BIG-IP versions 12.1.0 to 12.1.6 (End of Support)
- BIG-IP versions 11.6.1 to 11.6.5 (End of Support)
52 Dec 16, 2022
134 Dec 16, 2022
12 Nov 22, 2022
9.8k Dec 31, 2022
4 Nov 06, 2021
1 Nov 02, 2021
51 Dec 15, 2022
14 Aug 17, 2022
6 Jun 29, 2022
71 Dec 22, 2022
140 Dec 16, 2022
13 Jul 04, 2021
1.2k Dec 25, 2022
62 Jan 08, 2023
165 Dec 28, 2022
555 Jan 02, 2023
22.1k Jan 02, 2023
52 Nov 09, 2022
4 Apr 05, 2022
1.3k Dec 31, 2022