BIG-IP iControl REST RCE (CVE-2022-1388) Detection with Sn1per Professional
A critical vulnerability affecting F5 BIG-IP devices was disclosed and designated CVE-2022-1388. It allows an unauthenticated attacker to execute arbitrary code on vulnerable servers. Several Proof-of-Concept (PoC) exploits have been published online, and exploitation in the wild is being actively observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional.
Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes
Scanning for BIG-IP iControl REST RCE (CVE-2022-1388)
- Apply the template update from the Sn1per Professional “Updates” panel
- Ensure that the “SC0PE_VULNERABLITY_SCANNER” is set to “1” in your Sn1per configuration
- Run a scan of your network using the normal Sn1per scan process
After the scan finishes, you can view all vulnerable instances in the Sn1per Professional “Vulnerability Report Viewer”.