InfoSecBulletin Cybersecurity for mankind
Eclypsium recently found flaws in F5’s BIG-IP Next Central Manager, which could let attackers take control of the network.
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
BIG-IP is a product line from F5 that includes software and hardware for managing, securing, and optimizing applications across networks. The Next Central Manager is a key control point for tasks across the BIG-IP Next fleet, aiming to improve performance and management. It is crucial for organizations as it oversees important network operations for business continuity and security.
Eclypsium’s report has identified several weaknesses, with two major ones assigned CVE identifiers due to their severity and ease of exploitation:
CVE-2024-21793 (Unauthenticated OData Injection):
The Central Manager has a vulnerability in handling OData queries. If LDAP is enabled, an attacker can manipulate query parameters to obtain sensitive information, like administrator passwords.
CVE-2024-26026 (Unauthenticated SQL Injection):
A serious SQL injection flaw can be used to bypass authentication and potentially access administrative user password hashes.
If these vulnerabilities are used, attackers can have full control of the Central Manager. They can create accounts on any managed BIG-IP Next assets. The concerning part is that these accounts will not be visible on the Central Manager. This gives attackers secret and long-lasting access to the network.
(Media Disclaimer: This report is based on research conducted internally and externally using different ways. The information provided is for reference only, and users are responsible for relying on it. Infosecbulletin is not liable for the accuracy or consequences of using this information by any means)
