Ransomware

Researchers Find New F5 Next Central Manager Vulnerabilities

F5 quickly addressed in software version 20.2.0, advising organizations to upgrade immediately to minimize risks

by Ashish Khaitan May 9, 2024 in Firewall Daily, Vulnerabilities Reading Time: 3 mins read 0

587 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

Security researchers have revealed new critical vulnerabilities in F5's Next , posing severe risks to organizational cybersecurity. These allowed attackers to exploit the Central Manager remotely, gaining full administrative control over the device. Subsequently, attackers could create unauthorized accounts on any F5 assets managed by the Central Manager, remaining undetected within the system.

The vulnerabilities, collectively known as the “F5 Next ,” were first identified by security researchers from Eclypsium. They disclosed their findings to F5, which subsequently assigned CVE identifiers CVE-2024-21793 and CVE-2024-26026 to the reported vulnerabilities.

Understanding the Next Central Manager Vulnerabilities

Source: Eclypsium

F5 promptly responded to the Next Central Manager vulnerabilities in software version 20.2.0, urging organizations to upgrade to the latest version immediately to mitigate potential risks. However, it's crucial to note that while five vulnerabilities were reported, CVEs were only assigned to two of them.

The Next Central Manager serves as the centralized point of control for managing all tasks across the BIG-IP Next fleet. Despite F5's efforts to enhance security with the Next generation of BIG-IP software, these vulnerabilities highlight the persistent challenges in safeguarding network and application infrastructure.

The vulnerabilities enabled attackers to exploit various aspects of the Central Manager's functionality. For instance, one vulnerability allowed attackers to inject malicious code into OData queries, potentially leading to the leakage of sensitive information, including administrative password hashes. Another vulnerability involved an SQL injection flaw, providing attackers with a means to bypass authentication measures.

Technical Details and Responses to Next Central Manager Vulnerabilities

Furthermore, an undocumented API vulnerability facilitated Server-Side Request Forgery (SSRF) attacks, enabling attackers to call API methods on any BIG-IP Next device. This allowed them to create unauthorized accounts on individual devices, evading detection by the Central Manager.

Additionally, inadequate Bcrypt cost and a flaw allowing administrators to reset their passwords without prior knowledge posed further security risks. These weaknesses significantly lowered the barrier for attackers to compromise the system and maintain unauthorized access.

The implications of these vulnerabilities were profound, as they could be exploited in various attack scenarios. Attackers could exploit the vulnerabilities to gain administrative control, manipulate account credentials, and create hidden accounts on managed devices, undermining the integrity and security of the entire network infrastructure.

In response to these findings, security experts emphasized the importance of proactive security measures and vigilant monitoring of management interfaces. They advised organizations to enforce access control policies and adopt a zero-trust approach to mitigate the risks associated with such vulnerabilities.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button