Closed hh-hunter closed 2 years ago
maoning
commented
2 years ago Hi @hh-hunter ,
Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.
Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.
Thanks!
hh-hunter
commented
2 years ago @maoning @magl0 hi, I haven't seen any merge or comment dynamics on this repository for a long time. Is this project still being maintained? Is it possible to turn on shen for other plugins or fingerprints that I submit?
maoning
commented
2 years ago The project is still active, we are currently going through all the backlogs to catch up on all the pending merge requests.
Hello.
I would like to start implementing a plugin to detect CVE-2022-1388 , This vulnerability should be relatively new and has been patched.
The vulnerability has been assigned a CVE ID CVE-2022-1388 (CVSS score >= 7.0) and the severity level of the vulnerability is HIGH or CRITICAL: CVSS score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.
Sending an attack request can lead to command execution.
The vulnerability can be exploited remotely without authentication and user interaction.
Please let me know if this is in scope to start with its development.