Subj : Security flaws in BIG-IP system could have put entire networks at To : All From : TechnologyDaily Date : Thu May 09 2024 20:00:06 Security flaws in BIG-IP system could have put entire networks at risk Date: Thu, 09 May 2024 18:56:15 +0000 Description: F5 released mitigations and a patch for two high-risk flaws. FULL STORY ====================================================================== BIG-IP Next Central Manager (NCM), a centralized management and orchestration platform for F5s BIG-IP product family, was vulnerable to two major flaws which allowed malicious actors to take over its managed assets. The bugs, which have since been patched, are described as an SQL injection vulnerability, and an OData injection vulnerability. They are tracked as CVE-2024-26026 and CVE-2024-21793, and are found in the NCM API. By abusing these bugs, threat actors could run malicious SQL statements on vulnerable endpoints from a distance. Thousands of potential victims Cybersecurity firm Eclypsium found and reported the flaws, and the researchers also published a proof-of-concept exploit, which demonstrates how a rogue admin account, created by an attacker, remains invisible in the Next Central Manager, granting persistence on the vulnerable endpoint. "The management console of the Central Manager can be remotely exploited by any attacker able to access the administrative UI via CVE 2024-21793 or CVE 2024-26026. This would result in full administrative control of the manager itself," the researchers explained. "Attackers can then take advantage of the other vulnerabilities to create new accounts on any BIG-IP Next asset managed by the Central Manager. Notably, these new malicious accounts would not be visible from the Central Manager itself." F5s NCM allows IT teams to manage devices such as application delivery controllers (ADCs), firewall solutions, and other network appliances. It provides capabilities for configuration management, policy enforcement, monitoring, and reporting across distributed environments. According to Shodans figures, there are more than 10,000 F5 BIG-IP devices with open management ports. F5 also shared a workaround for admins who are unable to install the patch at this time. Per the companys instructions, restricting Next Central Manager access to trusted users over a secure network sorts out the problem There is no evidence of in-the-wild exploitation, Eclypsium confirmed. Via BleepingComputer More from TechRadar Pro This cloud security software used by many enterprises is being hacked, so patch now Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/security-flaws-in-big-ip-system-could-h ave-put-entire-networks-at-risk --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .