If You’re Going to Spray My Exploit… (CVE-2022-41800)
ID: 2de84017-be15-5ac7-81bd-ff643514bd99
STIX ID: report--2de84017-be15-5ac7-81bd-ff643514bd99
Feed Name: GreyNoise Labs
Threat Score
This report describes honeypot-captured scanning and exploitation attempts against F5 BIG-IP management endpoints, documenting hits against tmui and /mgmt APIs. Observed activity includes CVE-2022-1388 auth-bypass RCE exploit patterns, SSRF-related attempts for CVE-2021-22986, and use of a PoC payload targeting CVE-2022-41800 (rpm-spec-creator). The author analyzes HTTP requests, captured POST bodies, and notes attackers reusing public PoC strings, providing concrete indicators and context for remediation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.