F5 has addressed two high-severity vulnerabilities in BIG-IP Next Central Manager, tracked as CVE-2024-26026 and CVE-2024-21793, that can lead to device takeover.
The flaws were discovered by Vladyslav Babkin of the cybersecurity firm Eclypsium.
CVE-2024-26026 is a SQL injection flaw in the BIG-IP Next Central Manager API (URI) that an unauthenticated attacker can exploit to execute malicious SQL statements.
“Our ongoing research has identified remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager,” reads the advisory published by Eclypsium, which also provided proof-of-concept (PoC) exploit code. “These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment.”
CVE-2024-21793 is an OData injection flaw that resides in the Next Central Manager API (URI).
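Both bugs above are injection flaws in an API that accepts attacker-controlled filter input. The following is an added, generic Python example, not code from F5, Eclypsium or this article, and it says nothing about how the real Next Central Manager API is built. It shows a hypothetical user-lookup endpoint backed by an in-memory SQLite table, first with the API parameter spliced into the SQL string and then parameterized, and an OData-style `$filter` expression handled the same two ways. The table, user names and tokens are constructed sample data.

```python
import re
import sqlite3

# Constructed sample data: three users, one of them an administrator.
SAMPLE_USERS = [
    ("admin", "a1b2c3", 1),
    ("alice", "d4e5f6", 0),
    ("bob", "g7h8i9", 0),
]


def make_db():
    """Build an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, token TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


# --- Plain SQL injection (hypothetical handler, not the real product code) ---

def lookup_vulnerable(conn, name):
    """API parameter spliced straight into the query: classic SQL injection."""
    sql = f"SELECT name, is_admin FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Same query with a bound parameter; the input can never change the SQL."""
    sql = "SELECT name, is_admin FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# --- OData-style $filter injection (hypothetical translation layer) ---

def odata_filter_vulnerable(conn, odata_filter):
    """Naive OData-to-SQL translation: swap 'eq' for '=' and pass the rest through.

    Anything after the first comparison (an extra OR, a different column)
    becomes part of the WHERE clause, which is the OData injection pattern.
    """
    where = odata_filter.replace(" eq ", " = ")
    sql = f"SELECT name, is_admin FROM users WHERE {where}"
    return conn.execute(sql).fetchall()


# Only this exact shape is accepted: <field> eq '<value>' with no trailing text.
_FILTER_RE = re.compile(r"^(?P<field>[A-Za-z_]\w*) eq '(?P<value>[^']*)'$")
ALLOWED_FIELDS = {"name"}


def odata_filter_safe(conn, odata_filter):
    """Parse the filter into (field, value), allow-list the field, bind the value."""
    m = _FILTER_RE.match(odata_filter)
    if not m or m.group("field") not in ALLOWED_FIELDS:
        raise ValueError("unsupported filter")
    sql = f"SELECT name, is_admin FROM users WHERE {m.group('field')} = ?"
    return conn.execute(sql, (m.group("value"),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "bob' OR '1'='1"
    print("vulnerable lookup:", lookup_vulnerable(db, payload))      # dumps every user
    print("parameterized lookup:", lookup_parameterized(db, payload))  # []
    print("vulnerable OData:", odata_filter_vulnerable(db, "name eq 'bob' OR 1=1"))
    print("safe OData:", odata_filter_safe(db, "name eq 'bob'"))
```

The safe OData variant deliberately supports only one comparison shape; in practice a real API would use a proper OData parser that yields an AST, but the principle is the same: the filter field must come from an allow list and the value must travel to the database as a bound parameter, never as query text.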
Eclypsium is not aware of attacks in the wild exploiting the above vulnerabilities.
Pierluigi Paganini

(SecurityAffairs – hacking, F5)