OData Injection Vulnerability in F5 Networks' BIG-IP Next Central Manager API
CVE-2024-21793
9.8 CRITICAL
Key Information
- Vendor: F5
- Status
- BIG-IP Next Central Manager
- Vendor
- CVE Published: 8 May 2024
Badges
👾 Exploit Exists
📰 News Worthy
Summary
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Version(s)
BIG-IP Next Central Manager < 20.2.0
News Articles
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
7 months ago
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise - SOC Prime
Detect CVE-2024-21793 and CVE-2024-26026 exploitation attempts, critical flaws in F5 Next Central Manager, with relevant Sigma rules from SOC Prime.
7 months ago
References
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
- 👾 Exploit known to exist
- First article discovered by SOC Prime
- Vulnerability published
- Vulnerability Reserved
Collectors
NVD Database, Mitre Database, 2 News Article(s)
Credit
F5 acknowledges Vladyslav Babkin of Eclypsium for bringing this issue to our attention and following the highest standards of coordinated disclosure.