""ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Server Response (CVE-2022-1388)""
SID: 2036547
Revision: 1
Class Type: trojan-activity
Metadata: attack_target Web_Server, created_at 2022_05_09, cve CVE_2022_1388, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, signature_severity Major, updated_at 2022_05_09
Reference:
-
cve
-
2022-1388
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: any
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "200"
-
Value: "kind"
-
Value: "tm|3a|util|3a|bash|3a|runstate"
-
Value: "command"
-
Value: "run"
-
Value: "utilCmdArgs"
-
Value: "commandResult"
Within:
PCRE:
Special Options:
-
http_stat_code
-
file_data
-
fast_pattern