Security News > 2024 > May > F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities affecting F5's BIG-IP Next Central Manager.
BIG-IP Next Central Manager allows users to centrally control their BIG-IP Next instances and services.
CVE-2024-21793 and CVE-2024-26026 - both injection vulnerabilities that may allow attackers to execute malicious SQL statements through the BIG-IP NEXT Central Manager API - have been found by researcher Vladyslav Babkin.
The PoCs Eclypsium shared for the two CVE-numbered flaws may allow attackers attackers to grab admin's password hash.
"The management console of the Central Manager can be remotely exploited by any attacker able to access the administrative UI via CVE 2024-21793 or CVE 2024-26026. This would result in full administrative control of the manager itself," the researchers explained.
"Attackers can then take advantage of the other vulnerabilities to create new accounts on any BIG-IP Next asset managed by the Central Manager. Notably, these new malicious accounts would not be visible from the Central Manager itself."
News URL
https://www.helpnetsecurity.com/2024/05/09/cve-2024-21793-cve-2024-26026/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-08 | CVE-2024-26026 | SQL Injection vulnerability in F5 Big-Ip Next Central Manager 20.1.0 An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 9.8 |
2024-05-08 | CVE-2024-21793 | SQL Injection vulnerability in F5 Big-Ip Next Central Manager 20.1.0 An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 9.8 |