BIG-IP iControl REST RCE (CVE-2022-1388) Detection with Sn1per Professional

A critical vulnerability affecting the F5 BIG-IP devices was disclosed and designated CVE-2022-1388 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

Scanning for BIG-IP iControl REST RCE (CVE-2022-1388)

To detect the CVE-2022-1388 vulnerability using Sn1per Professional, you will need to do the following:

  1. Apply the template update from the Sn1per Professional “Updates” panel
  2. Ensure that the “SC0PE_VULNERABLITY_SCANNER” is set to “1” in your Sn1per configuration
  3. Run a scan of your network using the normal Sn1per scan process

After the scan finishes, you can then view all vulnerable instances from the Sn1per ProfessionalVulnerability Report Viewer“.


Leave a Reply