U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets. F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026 and CVE-2024-21793, in BIG-IP Next Central Manager that can lead to device takeover. BIG-IP Next Central Manager (NCM) is a centralized management […]

NGINX F5 BIG-IP NGINX

Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control and create hidden accounts on any managed assets.

F5 has addressed two high-severity vulnerabilities, respectively tracked as CVE-2024-26026 and CVE-2024-21793, in BIG-IP Next Central Manager that can lead to device takeover.

BIG-IP Next Central Manager (NCM) is a centralized management and orchestration solution offered by F5 Networks for their BIG-IP family of products. It provides a single pane of glass interface for managing multiple BIG-IP devices across an organization’s network infrastructure. With BIG-IP NCM, administrators can efficiently configure, monitor, and troubleshoot their BIG-IP devices, ensuring consistent policies and configurations across the network.

The flaws were discovered by Vladyslav Babkin of cybersecurity firm Eclypsium.

The vulnerability CVE-2024-26026 is a SQL injection issue that can be exploited by an unauthenticated attacker to execute malicious SQL statements through the BIG-IP Next Central Manager API (URI).

To mitigate this vulnerability, F5 suggests restricting the management access to the impacted products to only trusted users and devices over a secure network.

“Our ongoing research has identified remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager.” reads the advisory published by Eclypsium that also provided a Proof-of-concept (PoC) exploit code. “These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment.”

The vulnerability CVE-2024-21793 is an OData injection issue that resides in the Next Central Manager API (URI).

An unauthenticated attacker can exploit this flaw to execute malicious SQL statements through the BIG-IP NEXT Central Manager API (URI).

Eclypsium is not aware of attacks in the wild exploiting the above vulnerabilities.

“Management systems for network infrastructure such as F5 BIG-IP are prime targets for attackers and require extra vigilance.” concludes the security firm.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, F5)