CVE-F5-BIGIPInitial Access

F5 BIG-IP iControl REST Auth Bypass (CVE-2022-1388)

Connection-header SMUGGLE to bypass iControl REST auth → command-injection → root on the load balancer.

§ Where this technique fits

CVE-F5-BIGIP is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

F5 BIG-IP iControl auth bypass (CVE-2022-1388) → root on LB
Connection-header smuggle bypasses iControl REST auth, command-injection RCE as root. Load balancers see all traffic — recover TLS keys, session cookies, internal SSO config.
step 2 / 6

§ What commonly comes next

01
Command and Scripting Interpreter
T1059 · Execution
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

F5 BIG-IP iControl auth bypass (CVE-2022-1388) → root on LB

§ What commonly comes next