CyberSecurityBoard
Sponsor Register Login

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

F5 on Wednesday announced patches for its BIG-IP Next Central Manager to address potentially dangerous vulnerabilities that experts say could allow attackers to take complete control of a device.
Enterprise firmware and hardware security firm Eclypsium claims to have found a total of five vulnerabilities in the BIG-IP Next Central Manager product, which allows F5 customers to control all of their BIG-IP Next instances and services from a unified management interface.
F5 has only assigned two CVE identifiers and Eclypsium says it's unclear if the remaining three issues have also been addressed.
One of the patched vulnerabilities is CVE-2024-21793, which F5 has classified as 'high severity' and described as an 0Data injection issue that can allow an unauthenticated attacker to execute malicious SQL statements through the Next Central Manager API. The second fixed security hole, identified as CVE-2024-26026, is a SQL injection vulnerability with similar impact that can also be exploited by an unauthenticated attacker.
F5 says no other products beyond Next Central Manager are impacted by these vulnerabilities.
According to Eclypsium, which published technical details and proof-of-concept code for all of the five vulnerabilities on Wednesday, the SQL injection flaws allow a remote attacker to gain full administrative control of a device, while the other weaknesses enable them to create accounts on any F5 asset managed by the Next Central Manager.
Eclypsium has currently found no evidence of in-the-wild exploitation, but BIG-IP product vulnerabilities are known to have been targeted by threat actors.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 09 May 2024 14:43:06 +0000


Cyber News related to F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager - F5 on Wednesday announced patches for its BIG-IP Next Central Manager to address potentially dangerous vulnerabilities that experts say could allow attackers to take complete control of a device. Enterprise firmware and hardware security firm ...
1 month ago Securityweek.com
2 Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts - Newly discovered vulnerabilities in F5 Networks' BIG-IP Next Central Manager could allow an attacker to gain full control over, and create hidden accounts inside of, any F5-brand assets. BIG-IP is the umbrella for F5's various software and hardware ...
1 month ago Darkreading.com
F5 fixes BIG-IP Next Central Manager flaws with public PoCs - Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities affecting F5's BIG-IP Next Central Manager. They are usually deployed by big enterprises - telcos, internet and cloud service ...
1 month ago Helpnetsecurity.com
F5 Developing Fix for BIG-IP Vulnerability That Could Cause Denial of Service and Allow for Code Execution - F5 has warned of a serious format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service and potentially execute malicious code. This security issue, tracked as CVE-2023-22374, affects iControl SOAP, an ...
1 year ago Securityweek.com
New ISC Security Patches Released for 2021: What You Need to Know - The Internet Systems Consortium (ISC), the largest provider of open-source Internet infrastructure software, has released new security patches designed to mitigate data breaches and other cyber threats. These new security patches, released in January ...
1 year ago Thehackernews.com
CVE-2015-7393 - dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, ...
8 years ago
CVE-2015-8099 - F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before ...
5 years ago
CVE-2016-5022 - F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x ...
5 years ago
Vulnerability Recap 5/13/24: F5, Citrix & Chrome - The most dangerous vulnerabilities might be the lesser known Tinyproxy and Cinterion Cellular Modem flaws. The stress and high expense of attacks can be avoided by proactively tracking assets, staying informed, and allocating some resources to ...
1 month ago Esecurityplanet.com
Kaspersky Unveils New Flagship Product Line for Business, Kaspersky Next - PRESS RELEASE. Woburn, MA - April 16, 2024 - Today Kaspersky introduced its new flagship product line, Kaspersky Next, combining robust endpoint protection with the transparency and speed of EDR, alongside the visibility and powerful tools of XDR. ...
2 months ago Darkreading.com
CVE-2015-5516 - Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 ...
5 years ago
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
2 months ago Techtarget.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
5 months ago Techtarget.com
CVE-2015-7394 - The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, ...
5 years ago
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 month ago Securityaffairs.com
Holistic Approach To Privacy and Security in Tech - In this article, I would like to explain how I tackle privacy and security issues that are specific for large scale web and mobile applications and Big Tech. First, let's outline some of the biggest challenges Big Tech companies deal with in terms of ...
6 months ago Feeds.dzone.com
How to Keep Your Data Secure: Leaks, Breaches, Patches and Tweaks - In today’s world, data security is more important than ever. With the rise of cybercrime, data breaches, and security threats, it’s essential to stay vigilant when it comes to protecting your data. In this article, we discuss the latest news on ...
1 year ago Nakedsecurity.sophos.com
21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks - Some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors, according to network security and risk management ...
7 months ago Securityweek.com
21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks - Some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors, according to network security and risk management ...
7 months ago Packetstormsecurity.com
Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity - This article covers some amazing statistics on what category of vulnerabilities we commonly report across 100s of customers, and how we reduce compliance times and turn around time to reporting critical vulnerabilities. In a different article, we ...
6 months ago Securityboulevard.com
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
5 months ago Unit42.paloaltonetworks.com
Ivanti discloses fifth vulnerability The Register - In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of ...
4 months ago Go.theregister.com
CVE-2015-3628 - The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and ...
5 years ago
VMWare Patches Two Critical Vulnerabilities - How to Stay Secure - VMWare, one of the leading providers in virtualization solutions, recently released patches for two critical vulnerabilities. The vulnerabilities, identified as CVE-2023-10000 and CVE-2023-20001, have been determined to have severe security ...
1 year ago Thehackernews.com
CVE-2016-5021 - The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)