Application security, Threat Intelligence, Endpoint/Device Security

Total device hijacking possible with critical F5 Central Manager bugs


Attackers could take over F5 BIG-IP devices by exploiting high-severity vulnerabilities in the BIG-IP Next Central Manager, tracked as CVE-2024-21793 and CVE-2024-26026, The Hacker News reports.

Beyond obtaining complete administrative privileges over devices, threat actors could also create new accounts without being detected, owing to a server-side request forgery flaw that gives them persistent access even after impacted instances have been remediated, according to a report from Eclypsium. Malicious actors could also leverage two other security issues to facilitate brute-force attacks against admin passwords and to hinder legitimate access to devices, the researchers said.

"Networking and application infrastructure have become a key target of attackers in recent years. Exploiting these highly privileged systems can give adversaries an ideal way to gain access, spread, and maintain persistence within an environment," said Eclypsium, which urged organizations to immediately update their Next Central Manager instances to version 20.2.0 despite the absence of active exploitation.
