OData Injection Vulnerability in F5 Networks' BIG-IP Next Central Manager API
CVE-2024-21793
7.5 HIGH
Key Information
- Vendor: F5
- Status
- BIG-IP Next Central Manager
- Vendor
- CVE Published: 8 May 2024
Badges
👾 Exploit Exists, 📰 News Worthy
Summary
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected Version(s)
BIG-IP Next Central Manager < 20.2.0
News Articles
Tenable: CVE-2024-21793, CVE-2024-26026
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
6 months ago
SOC Prime: CVE-2024-21793, CVE-2024-26026
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise - SOC Prime
Detect CVE-2024-21793 and CVE-2024-26026 exploitation attempts, critical flaws in F5 Next Central Manager, with relevant Sigma rules from SOC Prime.
6 months ago
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
- 👾 Exploit exists.
- First article discovered by SOC Prime
- Vulnerability published.
- Vulnerability Reserved.
Collectors
NVD Database, Mitre Database, 2 News Article(s)
Credit
F5 acknowledges Vladyslav Babkin of Eclypsium for bringing this issue to our attention and following the highest standards of coordinated disclosure.