Flash Notice: Two F5 BIG-IP Vulnerabilities Allow for Complete Takeover

overview

Two critical vulnerabilities have been found in F5's Next Central Manager. These vulnerabilities, tracked as CVE-2024-21793 (OData injection) and CVE-2024-26026 (SQL injection), have a CVSS score of 7.5. The vulnerabilities impact F5 Next Central Manager versions ranging from 20.0.1 to 20.1.0.  

CVE-2024-26026 

If this vulnerability is successfully exploited, it could result in remote code execution within the service account's context. Depending on the permissions granted to the service account, an attacker may be able to install software, access, modify, or delete data, or create new accounts with extensive user privileges.  

CVE-2024-21793 

This vulnerability is an SQL injection vulnerability and could allow unauthorized attackers to execute malicious SQL commands via the API of the BIG-IP Next Center Manager. Like the vulnerability above, CVE-2024-21793 allows threat actors to execute malicious code remotely, granting them full administrative control over affected devices.  

Although neither vulnerability has been exploited in the wild, F5 users are strongly encouraged to update to the latest software versions, 20.2.0. Network administrators should implement stringent access controls and be on the lookout for any signs of unauthorized access or suspicious activity. 

avertium's recommendationS

• Both vulnerabilities affect Next Central Manager versions ranging from 20.0.1 to 20.1.0. However, these issues have been resolved in version 20.2.0. 
• CVE-2024-26026 – For information on patching, please see F5’s advisory.  
• CVE-2024-21793 – For information on patching, please see F5’s advisory.  

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Fusion MXDR  is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
• Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  
  • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
  • Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK). 
  • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan). 

SUPPORTING DOCUMENTATION