Finding Something New About CVE-2022-1388
One of the things we do at VulnCheck is n-day analysis. That can include analysis of well-known, deeply researched, and widely exploited vulnerabilities. When we tackle that type of issue, we aim to learn something new, novel, or, at the very least, interesting. We recently took that approach analyzing CVE-2022-1388. CVE-2022-1388 is an authentication bypass vulnerability affecting F5 Big-IP products. When CVE-2022-1388 was disclosed in May 2022, there were only a few thousand internet-facing affected systems. But there was no stopping the infosec hype train. Multiple research organizations published redacted proof of concepts, Kevin Beaumont was tweeting about honeypot exploitation, randoms were dropping exploit screenshots, and reporters were mistaking jokes about an inside job for reality. Eventually, most of the speculation and fear-mongering were put to bed by an excellent deep-dive analysis from Horizon3.ai. When all the hype died down, the vulnerability was quite well-known. It’s been featured in research write-ups. There’s a Metasploit module, and Greynoise tag. Shadow Server identifies the vulnerability in their honeypot network. It was even named one of the [top vulnerabilities in 2022, and added to the CISA KEV Catalog. What more could be said about this vulnerability? Well, if you don’t look, you’ll never know.