May 9, 2024 at 02:19AM
Two security vulnerabilities in F5 Next Central Manager could allow threat actors to gain control of devices and create hidden administrator accounts. The flaws, CVE-2024-21793 and CVE-2024-26026, impact versions 20.0.1 to 20.1.0 and have been addressed in version 20.2.0. Exploitation could lead to full control of the device and the creation of new accounts. It is recommended that users update to mitigate potential threats.
Key Takeaways from the meeting notes are as follows:
– Two security vulnerabilities were discovered in F5 Next Central Manager, which could allow attackers to seize control of the devices and create hidden rogue administrator accounts for persistence.
– The vulnerabilities are described as CVE-2024-21793 (OData injection) and CVE-2024-26026 (SQL injection), both with a CVSS score of 7.5.
– The flaws impact Next Central Manager versions from 20.0.1 to 20.1.0, but have been addressed in version 20.2.0.
– Successful exploitation of the bugs can result in full administrative control of the device, enabling attackers to create new accounts on any BIG-IP Next asset managed by the Central Manager, while remaining concealed from the Central Manager itself.
– Additional weaknesses discovered by Eclypsium could lead to brute-force attacks against admin passwords and permit an administrator to reset their passwords without knowledge of the prior one, potentially blocking legitimate access to the device.
– Users are recommended to update their instances to the latest version to mitigate potential threats and should be aware that networking and application infrastructure have become key targets for attackers, providing ideal ways to gain access, spread, and maintain persistence within an environment.
Feel free to ask for any further clarification or additional details.