Vulnerability detail

Tenable Blog · May 27, 2026

Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk.Key takeawaysThe "patch everything" strategy is dead: Vulnerability prioritization based on exploitation risk offers a path forward. A directed graph model linking 600+ threat actors to vulnerabilities in 7,800 customer environments reveals that 68% of organizations carry at least one CVE previously exploited by a named adversary, and 321 tracked threat groups can reach at least one customer environment through an active vulnerability. Prevalence of "Elite Arsenal" CVEs requires immediate attention: The 242 "Elite Arsenal" CVEs — those meeting all three criteria of critical VPR (≥ 9), CISA KEV listing, and documented threat group exploitation — are nearly universally present across the studied customer base, with 241 of 242 actively detected. More than half are five or more years old, and 78% of the persistently exploited core are simultaneously weaponized by nation-state APTs, commodity malware operators, and ransomware gangs. Non-CVE exposures are universally dangerous: Non-CVE exposures, including misconfigurations, weak credentials, and end-of-life software, are present in virtually 100% of studied organizations, with 60% carrying at least one that maps to a tracked threat actor's preferred techniques. Preliminary modeling suggests these exposures may confer more breach risk than CVE-linked findings, yet no industry-standard scoring infrastructure exists to prioritize them.While the first two posts in this blog series documented the accelerating vulnerability flood and the widening remediation gap, today we answer the outstanding question: Where do these forces actually collide inside customer environments? Using a directed graph model that maps more than 600 tracked threat groups to vulnerabilities observed across 7,800 organizations,...

metasploit · Created Unknown

Metasploit module for CVE-2022-1388

github · Created 2024-04-30 01:10:05 UTC · 5 stars

A remote code execution vulnerability exists in the iControl REST API feature of F5's BIG-IP product. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.

github · Created 2024-01-03 12:28:06 UTC · 2 stars

exploit poc

github · Created 2022-12-24 03:59:24 UTC · 7 stars

-- FOR EDUCATIONAL USE ONLY -- Proof-of-Concept RCE for CVE-2022-1388, plus some added functionality for blue and red teams

github · Created 2022-12-21 16:11:48 UTC · 2 stars

github · Created 2022-11-30 04:06:56 UTC · 3 stars

github · Created 2022-10-25 12:29:54 UTC · 2 stars

cURL one-liner to test for CVE-2022-1388 BIG-IP iControl REST RCE

github · Created 2022-06-21 03:09:26 UTC · 0 stars

CVE-2022-1388 | F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint

github · Created 2022-06-20 01:58:40 UTC · 1 stars

CVE-2022-1388 | F5 - Big IP Pre Auth RCE via '/mgmt/tm/util/bash' endpoint

github · Created 2022-05-17 10:51:39 UTC · 3 stars

CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in Rust

github · Created 2022-05-15 03:58:21 UTC · 14 stars

An Improved Proof of Concept for CVE-2022-1388 w/ an Interactive Shell

github · Created 2022-05-13 10:18:29 UTC · 14 stars

Tool for CVE-2022-1388

github · Created 2022-05-12 16:54:52 UTC · 13 stars

F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB

github · Created 2022-05-11 21:55:43 UTC · 0 stars

github · Created 2022-05-11 19:33:37 UTC · 2 stars

CVE-2022-1388 Scanner

github · Created 2022-05-11 17:43:44 UTC · 5 stars

github · Created 2022-05-10 15:44:50 UTC · 5 stars

CVE-2022-1388-PocExp,新增了多线程,F5 BIG-IP RCE exploitation

github · Created 2022-05-10 15:16:12 UTC · 1 stars

Test and Exploit Scripts for CVE 2022-1388 (F5 Big-IP)

github · Created 2022-05-10 05:30:11 UTC · 5 stars

github · Created 2022-05-10 04:44:05 UTC · 8 stars

Reverse Shell for CVE-2022-1388

github · Created 2022-05-10 02:57:31 UTC · 5 stars

PoC For F5 BIG-IP - bash script Exploit one Liner

github · Created 2022-05-09 15:42:55 UTC · 2 stars

CVE-2022-1388 POC exploit

github · Created 2022-05-09 15:24:27 UTC · 2 stars

CVE-2022-1388

github · Created 2022-05-09 14:37:04 UTC · 2 stars

CVE-2022-1388 F5 BIG-IP iControl REST身份验证绕过漏洞

github · Created 2022-05-09 14:02:34 UTC · 8 stars

F5 BIG-IP iControl REST身份验证绕过漏洞

github · Created 2022-05-09 14:01:38 UTC · 36 stars

CVE-2022-1388 F5 BIG-IP iControl REST RCE

github · Created 2022-05-09 11:46:45 UTC · 232 stars

POC for CVE-2022-1388

github · Created 2022-05-09 11:30:09 UTC · 58 stars

Exploit and Check Script for CVE 2022-1388

github · Created 2022-05-09 10:46:19 UTC · 6 stars

CVE-2022-1388 F5 Big IP unauth remote code execution

github · Created 2022-05-09 10:34:38 UTC · 88 stars

F5 BIG-IP RCE exploitation (CVE-2022-1388)

github · Created 2022-05-09 10:22:31 UTC · 85 stars

CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

github · Created 2022-05-09 07:39:55 UTC · 58 stars

PoC for CVE-2022-1388_F5_BIG-IP

github · Created 2022-05-08 09:28:19 UTC · 7 stars

github · Created 2022-05-07 17:54:08 UTC · 93 stars

CVE-2022-1388 F5 BIG-IP RCE 批量检测

github · Created 2022-05-06 06:22:47 UTC · 24 stars

This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

github · Created 2022-05-05 15:25:53 UTC · 25 stars

Simple script realizado en bash, para revisión de múltiples hosts para CVE-2022-1388 (F5)

github · Created 2022-05-05 10:35:35 UTC · 53 stars

K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388