Critical F5 Central Manager Vulnerabilities Allow Full Device Takeover

May 09, 2024 | Newsroom | Firewall / Network Security

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.

The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager," security firm Eclypsium said in a new report.

A brief description of the two issues is as follows -

  • CVE-2024-21793 (CVSS score: 7.5) - An OData injection vulnerability that could allow an unauthenticated attacker to execute malicious SQL statements through the BIG-IP NEXT Central Manager API
  • CVE-2024-26026 (CVSS score: 7.5) - An SQL injection vulnerability that could allow an unauthenticated attacker to execute malicious SQL statements through the BIG-IP Next Central Manager API

Both issues affect Next Central Manager versions 20.0.1 through 20.1.0. The shortcomings have been addressed in version 20.2.0.
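The practical first step for a defender is an inventory check: which Central Manager instances fall in the affected range and still need the update. The script below is an added example, not code from the article, F5 or Eclypsium; it encodes only the version range stated above (affected 20.0.1 through 20.1.0, fixed in 20.2.0), and the hostnames and version strings in the sample inventory are constructed. Versions that are neither in the published range nor at or above the fixed release are reported separately so they can be checked against the vendor advisory rather than silently assumed safe.

```python
"""Exposure check for the BIG-IP Next Central Manager version range named in
the article. Example code added for illustration; the inventory is constructed
sample data, not real hosts."""

from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

AFFECTED_MIN: Version = (20, 0, 1)   # first affected version per the article
AFFECTED_MAX: Version = (20, 1, 0)   # last affected version per the article
FIXED_VERSION: Version = (20, 2, 0)  # release in which both CVEs were addressed


def parse_version(text: str) -> Optional[Version]:
    """Parse 'MAJOR.MINOR.PATCH' into an int tuple; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Classify one Central Manager version string.

    'affected'     - inside the published affected range
    'fixed'        - at or above the release containing the fix
    'out_of_range' - parseable but outside both; verify against the advisory
    'unknown'      - could not be parsed; treat as exposed until confirmed
    """
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    if version >= FIXED_VERSION:
        return "fixed"
    return "out_of_range"


def find_exposed(inventory: Dict[str, str]) -> List[str]:
    """Hostnames that are affected or whose version could not be determined."""
    return sorted(
        host for host, ver in inventory.items()
        if assess(ver) in ("affected", "unknown")
    )


# Constructed sample inventory (hostname -> reported version).
SAMPLE_INVENTORY: Dict[str, str] = {
    "ncm-lab-01": "20.0.1",
    "ncm-lab-02": "20.1.0",
    "ncm-prod-01": "20.2.0",
    "ncm-prod-02": "20.1.1",
    "ncm-dev-01": "n/a",
}

if __name__ == "__main__":
    for host, ver in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:12s} {ver:8s} {assess(ver)}")
    print("needs attention:", ", ".join(find_exposed(SAMPLE_INVENTORY)))
```

Comparing integer tuples rather than raw strings avoids the classic mistake where "20.10.0" sorts before "20.2.0" lexically; the same comparison would then misclassify a later, fixed release as vulnerable.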

Successful exploitation of the bugs can result in full administrative control of the device, enabling attackers to chain it with other flaws to create new accounts on any BIG-IP Next asset managed by the Central Manager.

What's more, these malicious accounts would remain hidden from the Central Manager itself. This is made possible by a server-side request forgery (SSRF) vulnerability that allows an undocumented API to be invoked to create the accounts.

"This means that even if the admin password is reset in the Central Manager, and the system is patched, attacker access might still remain," the supply chain security company said.

Also discovered by Eclypsium are two more weaknesses that could enable brute-force attacks against admin passwords and allow an administrator to reset their password without knowledge of the prior one. An attacker could weaponize this issue to block legitimate access to the device from every account.

While there are no indications that the vulnerabilities have come under active exploitation in the wild, users are advised to update their instances to the latest version to mitigate potential threats.

"Networking and application infrastructure have become a key target of attackers in recent years," Eclypsium said. "Exploiting these highly privileged systems can give adversaries an ideal way to gain access, spread, and maintain persistence within an environment."
