Goby/json/BIG-IP-iControl-REST-vulner...


{
"Name": "BIG-IP iControl REST vulnerability (CVE-2022-1388)",
"Description": "<p><span style=\"font-size: 16px;\"><span style=\"font-size: 16px;\">BIG-IP is an application delivery service of F5 company, which is oriented to the world's advanced technology with application as the center.</span><span style=\"font-size: 16px;\">&nbsp;With the help of BIG-IP application delivery controller, keep the application running normally.</span><span style=\"font-size: 16px;\">&nbsp;BIG-IP local traffic manager (LTM) and BIG-IP DNS can handle application traffic and protect infrastructure.</span>This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.</span><br></p>",
"Product": "f5-BIGIP",
"Homepage": "https://www.f5.com/products/big-ip-services",
"DisclosureDate": "2022-05-05",
"Author": "su18@javaweb.org",
"FofaQuery": "app=\"F5-BIGIP\"",
"GobyQuery": "app=\"F5-BIGIP\"",
"Level": "3",
"Impact": "<p>This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.<br></p>",
"Recommendation": "<p><span style=\"font-size: medium;\">Referring to the impact scope of the vulnerability, the F5 official has given a solution, which can be upgraded to an unaffected version or repaired by referring to the official website&nbsp;<a href=\"https://support.f5.com/csp/article/K23605346\">https://support.f5.com/csp/article/K23605346</a>.</span><br></p>",
"References": [
"https://support.f5.com/csp/article/K23605346"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"Name": "AttackType",
"Type": "select",
"Value": "goby_shell_linux,cmd"
},
{
"Name": "cmd",
"Type": "input",
"Value": "whoami",
"show": "AttackType=cmd"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/mgmt/shared/authn/login",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "resterrorresponse",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "Authorization failed",
"bz": ""
},
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "401",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"Unauthorized Access",
"Command Execution",
"Directory Traversal"
],
"VulType": [
"Unauthorized Access",
"Command Execution",
"Directory Traversal"
],
"CVEIDs": [
"CVE-2022-1388"
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"Translation": {
"CN": {
"Name": "F5 BIG-IP iControl REST 身份认证绕过漏洞CVE-2022-1388",
"Product": "f5-BIGIP",
"Description": "<p><span style=\"font-size: medium;\">BIG-IP 是 F5 公司的一款应用交付服务是面向以应用为中心的世界先进技术。借助 BIG-IP 应用程序交付控制器保持应用程序正常运行。BIG-IP 本地流量管理器 (LTM) 和 BIG-IP DNS 能够处理应用程序流量并保护基础设施。未经身份验证的攻击者可以通过管理端口或自身 IP 地址对 BIG-IP 系统进行网络访问,执行任意系统命令、创建或删除文件或禁用服务。</span><br></p>",
"Recommendation": "<p><span style=\"font-size: medium;\">参考漏洞影响范围目前F5官方已给出解决方案可升级至不受影响版本或参考官网文件进行修复 <a href=\"https://support.f5.com/csp/article/K23605346\">https://support.f5.com/csp/article/K23605346</a>。</span><br></p>",
"Impact": "<p>未经身份验证的攻击者可以通过管理端口或自身 IP 地址对 BIG-IP 系统进行网络访问,执行任意系统命令、创建或删除文件或禁用服务。<br></p>",
"VulType": [
"命令执⾏",
"⽬录穿越/遍历",
"登录绕过"
],
"Tags": [
"命令执⾏",
"⽬录穿越/遍历",
"登录绕过"
]
},
"EN": {
"Name": "BIG-IP iControl REST vulnerability (CVE-2022-1388)",
"Product": "f5-BIGIP",
"Description": "<p><span style=\"font-size: 16px;\"><span style=\"font-size: 16px;\">BIG-IP is an application delivery service of F5 company, which is oriented to the world's advanced technology with application as the center.</span><span style=\"font-size: 16px;\">&nbsp;With the help of BIG-IP application delivery controller, keep the application running normally.</span><span style=\"font-size: 16px;\">&nbsp;BIG-IP local traffic manager (LTM) and BIG-IP DNS can handle application traffic and protect infrastructure.</span>This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.</span><br></p>",
"Recommendation": "<p><span style=\"font-size: medium;\">Referring to the impact scope of the vulnerability, the F5 official has given a solution, which can be upgraded to an unaffected version or repaired by referring to the official website&nbsp;<a href=\"https://support.f5.com/csp/article/K23605346\">https://support.f5.com/csp/article/K23605346</a>.</span><br></p>",
"Impact": "<p>This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.<br></p>",
"VulType": [
"Unauthorized Access",
"Command Execution",
"Directory Traversal"
],
"Tags": [
"Unauthorized Access",
"Command Execution",
"Directory Traversal"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}