Security News > 2024 > May > F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities affecting F5's BIG-IP Next Central Manager.
BIG-IP Next Central Manager allows users to centrally control their BIG-IP Next instances and services.
CVE-2024-21793 and CVE-2024-26026 - both injection vulnerabilities that may allow attackers to execute malicious SQL statements through the BIG-IP NEXT Central Manager API - have been found by researcher Vladyslav Babkin.
The PoCs Eclypsium shared for the two CVE-numbered flaws may allow attackers attackers to grab admin's password hash.
"The management console of the Central Manager can be remotely exploited by any attacker able to access the administrative UI via CVE 2024-21793 or CVE 2024-26026. This would result in full administrative control of the manager itself," the researchers explained.
"Attackers can then take advantage of the other vulnerabilities to create new accounts on any BIG-IP Next asset managed by the Central Manager. Notably, these new malicious accounts would not be visible from the Central Manager itself."
News URL
https://www.helpnetsecurity.com/2024/05/09/cve-2024-21793-cve-2024-26026/
Related news
- Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) (source)
- PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)