InfoSecBulletin Cybersecurity for mankind
Eclypsium recently found flaws in F5’s BIG-IP Next Central Manager, which could let attackers take control of the network.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
BIG-IP is a product line from F5 that includes software and hardware for managing, securing, and optimizing applications across networks. The Next Central Manager is a key control point for tasks across the BIG-IP Next fleet, aiming to improve performance and management. It is crucial for organizations as it oversees important network operations for business continuity and security.
Eclypsium’s report has identified several weaknesses, with two major ones assigned CVE identifiers due to their severity and ease of exploitation:
CVE-2024-21793 (Unauthenticated OData Injection):
The Central Manager has a vulnerability in handling OData queries. If LDAP is enabled, an attacker can manipulate query parameters to obtain sensitive information, like administrator passwords.
CVE-2024-26026 (Unauthenticated SQL Injection):
A serious SQL injection flaw can be used to bypass authentication and potentially access administrative user password hashes.
If these vulnerabilities are used, attackers can have full control of the Central Manager. They can create accounts on any managed BIG-IP Next assets. The concerning part is that these accounts will not be visible on the Central Manager. This gives attackers secret and long-lasting access to the network.
(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)
