Attacks taking over F5 BIG-IP devices could be conducted by exploiting high-severity vulnerabilities impacting the BIG-IP Next Central Manager, tracked as CVE-2024-21793 and CVE-2024-26026, The Hacker News reports.
Aside from obtaining complete administrative privileges to devices, threat actors could also establish new accounts without being detected due to a server-side request forgery flaw that ensures persistent access even if impacted instances have been remediated, according to a report from Eclypsium. Malicious actors could also leverage two other security issues to facilitate brute-force attacks aimed at admin passwords to hinder legitimate device access, said researchers.
"Networking and application infrastructure have become a key target of attackers in recent years. Exploiting these highly privileged systems can give adversaries an ideal way to gain access, spread, and maintain persistence within an environment," said Eclypsium, which urged organizations to immediately update their Next Central Manager instances to version 20.2.0 despite the absence of active exploitation.
