Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.
The remotely exploitable flaws “can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager,” security firm Eclypsium said in a new report.
A description of the two issues is as follows –
- CVE-2024-21793 (CVSS score: 7.5) – An OData injection vulnerability that could allow an unauthenticated attacker to execute malicious SQL statements through the BIG-IP NEXT Central Manager API
- CVE-2024-26026 (CVSS score: 7.5) – An SQL injection vulnerability that could allow an unauthenticated attacker to execute malicious SQL statements through the BIG-IP Next Central Manager API
Both flaws affect Next Central Manager versions 20.0.1 through 20.1.0. The shortcomings have been addressed in version 20.2.0.
Successful exploitation of the bugs can result in full administrative control of the device, enabling attackers to combine it with other flaws to create new accounts on any BIG-IP Next asset managed by the Central Manager.
What’s more, these malicious accounts would remain concealed from the Central Manager itself. This is made possible by a server-side request forgery (SSRF) vulnerability that allows an undocumented API to be invoked to create the accounts.
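Both CVEs describe the same sink: filter text supplied by an unauthenticated caller ends up inside a SQL statement. The following Python is an added illustration written for this page, not F5's code and not a reproduction of the Central Manager internals; it uses a constructed in-memory SQLite table and a hypothetical OData-style `$filter` parameter to contrast the concatenation anti-pattern with a whitelist parser that binds the value as a query parameter.

```python
"""Added illustration (not F5 code): an OData-style $filter turned into SQL.
vulnerable_query() concatenates the filter into the statement; safe_query()
accepts only a fixed grammar and binds the value. All data is constructed."""
import re
import sqlite3

def make_db() -> sqlite3.Connection:
    # Constructed sample table standing in for an account store (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "admin", "secret-a"), ("bob", "viewer", "secret-b")],
    )
    return conn

def vulnerable_query(conn: sqlite3.Connection, odata_filter: str) -> list:
    """Anti-pattern: rewrite 'eq' to '=' and splice the caller's text into SQL.
    Anything the caller appends after the value becomes part of the WHERE clause."""
    sql_where = re.sub(r"\beq\b", "=", odata_filter)
    return conn.execute(f"SELECT name, role FROM users WHERE {sql_where}").fetchall()

# Hardened path: only "<field> eq|ne '<value>'" is accepted, the field must be
# on an allow-list, and the value never touches the SQL text.
ALLOWED_FIELDS = {"name", "role"}
OPS = {"eq": "=", "ne": "<>"}
FILTER_RE = re.compile(r"^\s*(\w+)\s+(eq|ne)\s+'((?:[^']|'')*)'\s*$")

def safe_query(conn: sqlite3.Connection, odata_filter: str) -> list:
    m = FILTER_RE.match(odata_filter)
    if not m:
        raise ValueError("unsupported $filter expression")
    field, op, raw_value = m.groups()
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"field not filterable: {field}")
    value = raw_value.replace("''", "'")  # OData escapes a quote by doubling it
    sql = f"SELECT name, role FROM users WHERE {field} {OPS[op]} ?"  # field is whitelisted
    return conn.execute(sql, (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(safe_query(db, "name eq 'bob'"))
    try:
        safe_query(db, "name eq 'x' OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

The allow-list on `field` matters as much as the bound parameter: column names cannot be bound, so they must come from a fixed set rather than from the request.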
“This means that even if the admin password is reset in the Central Manager, and the system is patched, attacker access might still remain,” the supply chain security company said.
Also discovered by Eclypsium are two more weaknesses that could facilitate brute-force attacks against the admin passwords and allow an administrator to reset their passwords without knowledge of the prior one. An attacker could weaponize this issue to block legitimate access to the device from every account.
While there are no indications that the vulnerabilities have come under active exploitation in the wild, it is recommended that users update their instances to the latest version to mitigate potential threats.
“Networking and application infrastructure have become a key target of attackers in recent years,” Eclypsium said. “Exploiting these highly privileged systems can give adversaries an ideal way to gain access, spread, and maintain persistence within an environment.”
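The two weaknesses above are the absence of two controls on a password-change path: proof of the current password, and a failure counter that locks the account before a brute-force attempt can succeed. The following Python is an added illustration written for this page, not F5's code; it uses a constructed in-memory account store with PBKDF2 hashing and an injectable clock (an assumption made so the lockout window can be exercised without waiting).

```python
"""Added illustration (not F5 code): password reset that requires the current
password, plus lockout after repeated failures. Constructed in-memory store."""
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # failures before the account is locked (assumed policy)
LOCKOUT_SECONDS = 300   # how long the lock lasts (assumed policy)
PBKDF2_ROUNDS = 100_000

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class AccountStore:
    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable for deterministic tests
        self._accounts = {}          # name -> (salt, pbkdf2 hash)
        self._failures = {}          # name -> (failure count, locked-until time)

    def create(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[name] = (salt, _hash(password, salt))

    def _locked(self, name: str) -> bool:
        state = self._failures.get(name)
        return bool(state) and state[0] >= MAX_FAILURES and self._clock() < state[1]

    def verify(self, name: str, password: str) -> bool:
        """Constant-time comparison; failures are counted and, once the
        threshold is reached, every attempt is refused until the window expires."""
        if self._locked(name):
            return False
        salt, stored = self._accounts.get(name, (b"", b""))
        ok = bool(stored) and hmac.compare_digest(_hash(password, salt), stored)
        if ok:
            self._failures.pop(name, None)
        else:
            count, _ = self._failures.get(name, (0, 0.0))
            self._failures[name] = (count + 1, self._clock() + LOCKOUT_SECONDS)
        return ok

    def reset_password(self, name: str, current: str, new: str) -> bool:
        """The check whose absence lets anyone overwrite an admin's password:
        a reset is accepted only after the caller proves the current one."""
        if not self.verify(name, current):
            return False
        self.create(name, new)
        return True

if __name__ == "__main__":
    store = AccountStore()
    store.create("admin", "correct horse")
    print("reset without current password:", store.reset_password("admin", "guess", "pwned"))
    print("reset with current password:", store.reset_password("admin", "correct horse", "rotated"))
```

A reset flow that must also serve forgotten passwords should route through a separate, time-limited token delivered out of band, rather than dropping the current-password check from this path.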