Two F5 BIG-IP Next Central Manager Flaws Allow Device Takeover

F5, a multi-cloud security and application delivery vendor, has recently patched two high-risk vulnerabilities in its BIG-IP Next Central Manager. Get the details below.  

Tell me more about F5’s BIG-IP Next Central Manager vulnerabilities

This system is crucial for managing BIG-IP Next load balancers and application security instances, whether they are deployed on-premises or in the cloud. The vulnerabilities identified are CVE-2024-26026 and CVE-2024-21793, both of which pose significant security risks as they can be exploited to gain full administrative control over affected devices: 

  • CVE-2024-26026: This vulnerability is an SQL injection flaw with a CVSS score of 7.5. It allows an unauthenticated attacker to execute malicious SQL statements through the BIG-IP Next Central Manager API. SQL injection attacks are notorious for their potential to compromise the integrity and confidentiality of a database, allowing attackers to bypass authentication mechanisms, access sensitive data, and even execute arbitrary commands on the underlying database server. 
  • CVE-2024-21793: Also rated with a CVSS score of 7.5, this vulnerability is an OData injection flaw. Similar to SQL injection, it enables an unauthenticated attacker to execute malicious SQL statements through the BIG-IP NEXT Central Manager API. OData injection attacks specifically target the data query and manipulation capabilities of the Open Data Protocol used by the API, potentially leading to unauthorized data access or manipulation. 

Both vulnerabilities affect versions from 20.0.1 to 20.1.0 of the Next Central Manager, and F5 has addressed these issues in the updated version 20.2.0. To date, there is no evidence that these vulnerabilities have been exploited in the wild. 

What is Nuspire doing?

Nuspire is proactively applying patches as they are released, following the recommendations provided by vendors like F5. Additionally, Nuspire conducts proactive threat hunting to detect any signs of compromise within our clients’ environments. This approach helps in the early detection and mitigation of potential threats arising from such vulnerabilities. 

What should I do?

For administrators and users of BIG-IP Next Central Manager, it is crucial to update your systems to the latest version, 20.2.0, to mitigate the risks associated with these vulnerabilities. If immediate updates are not feasible, it is recommended that access to the Next Central Manager be restricted to trusted users within a secure network. This can help in reducing the attack surface and protecting against potential exploits until updates can be applied. 

In addition, vulnerability management and patching can help mitigate these risks and ensure your network remains secure.  


Have you registered for our next event?