{"id":162916,"date":"2024-05-09T07:37:32","date_gmt":"2024-05-09T07:37:32","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=162916"},"modified":"2024-05-09T08:30:55","modified_gmt":"2024-05-09T08:30:55","slug":"f5-big-ip-next-central-manager","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/162916\/security\/f5-big-ip-next-central-manager.html","title":{"rendered":"Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover"},"content":{"rendered":"
<\/div>\n

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets.<\/h2>\n\n\n\n

F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026<\/a> and CVE-2024-21793<\/a>, in BIG-IP Next Central Manager that can lead to device takeover. <\/p>\n\n\n\n

BIG-IP Next Central Manager (NCM) is a centralized management and orchestration solution offered by F5 Networks for their BIG-IP family of products. It provides a single pane of glass interface for managing multiple BIG-IP devices across an organization’s network infrastructure. With BIG-IP NCM, administrators can efficiently configure, monitor, and troubleshoot their BIG-IP devices, ensuring consistent policies and configurations across the network.<\/gwmw><\/gwmw><\/p>\n\n\n\n

The flaws were discovered by Vladyslav Babkin of cybersecurity firm Eclypsium.<\/p>\n\n\n\n

The vulnerability CVE-2024-26026<\/a> is a SQL injection issue that can be exploited by an unauthenticated attacker to execute malicious SQL statements through the BIG-IP Next Central Manager API (URI).<\/p>\n\n\n\n

To mitigate this vulnerability, F5 suggests restricting the management access to the impacted products to only trusted users and devices over a secure network.<\/gwmw><\/p>\n\n\n\n

“Our ongoing research has identified remotely exploitable vulnerabilities in F5\u2019s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager.” reads the advisory<\/strong><\/a> published by Eclypsium that also provided a Proof-of-concept (PoC) exploit code. “These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment.”<\/em><\/p>\n\n\n\n

The vulnerability CVE-2024-21793<\/a> is an OData injection issue that resides in the Next Central Manager API (URI).<\/p>\n\n\n\n

An unauthenticated attacker can exploit this flaw to execute malicious SQL statements through the BIG-IP NEXT Central Manager API (URI).<\/p>\n\n\n\n

Eclypsium is not aware of attacks in the wild exploiting the above vulnerabilities.<\/p>\n\n\n\n

“Management systems for network infrastructure such as F5 BIG-IP are prime targets for attackers and require extra vigilance.” concludes the security firm.<\/em><\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0F5<\/a>)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets. F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026 and CVE-2024-21793, in BIG-IP Next Central Manager that can lead to device takeover. BIG-IP Next Central Manager (NCM) is a centralized management […]<\/p>\n","protected":false},"author":1,"featured_media":105513,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,55],"tags":[15076,11695,4112,9508,9506,10918,687,841,1533],"class_list":["post-162916","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-security","tag-big-ip-next-central-manager","tag-f5","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司