
F5 BIG-IP Next Central Manager: serious vulnerabilities identified

F5 has fixed two serious vulnerabilities in BIG-IP Next Central Manager that could allow an attacker to gain administrative control of the manager and to create hidden rogue accounts on any of the assets it manages.

BIG-IP Next Central Manager vulnerabilities

Next Central Manager allows administrators to control on-premises or cloud BIG-IP Next instances and services through a unified management user interface.

The two vulnerabilities are tracked as CVE-2024-26026 and CVE-2024-21793. The first is an SQL injection vulnerability and the second an OData injection vulnerability. Both were found in the BIG-IP Next Central Manager API and allow unauthorized attackers to execute malicious SQL statements on devices that have not been updated.


SQL injection attacks involve inserting malicious SQL fragments into input fields or parameters that are incorporated into database queries. This exploits weaknesses in the application's input handling and allows attacker-chosen SQL commands to be executed, leading to unauthorized access, data breaches and system compromise.

Security firm Eclypsium, which reported the two vulnerabilities, shared a proof-of-concept exploit on Wednesday. According to the researchers, the accounts created after an unpatched instance is compromised are not visible from Next Central Manager.

"The Central Manager management console can be used remotely by any attacker who has access to the administrative user interface via CVE 2024-21793 or CVE 2024-26026. This would result in full administrative control of the manager itself," says Eclypsium.

PoC exploit and interim protection measures

F5 says that administrators who cannot install the security updates immediately should restrict Next Central Manager access to trusted users.

Currently, there is no evidence that the two vulnerabilities have been exploited in attacks, but protective measures should be taken without delay.


According to Shodan, there are more than 10,000 F5 BIG-IP devices with management ports exposed to the Internet.

Protection from vulnerabilities

Informing and training staff is vital. Employees need to be aware of cybersecurity risks and of the good practices that help prevent attacks.


The use of advanced security solutions, such as Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS) and antivirus software, can help counter attacks and protect against exploitation of bugs.


Applying updates is one of the most effective ways to protect against security gaps. Attackers often exploit known vulnerabilities in older software versions, so keeping software up to date is vital.

The use of multi-factor authentication (MFA) provides an extra layer of protection, as it requires users to present two or more pieces of evidence to prove their identity.

Finally, creating and enforcing an information security policy can prevent the exploitation of vulnerabilities. Such a policy should cover data protection, the protection of systems and networks, and the response to security breaches.

Source : www.bleepingcomputer.com

Digital Fortress (https://secnews.gr)