OData Injection Vulnerability in F5 Networks' BIG-IP Next Central Manager API
CVE-2024-21793
Key Information:
- Vendor: F5
- CVE Published: 8 May 2024
Summary
An OData injection vulnerability has been identified in the BIG-IP Next Central Manager API, potentially allowing attackers to exploit the API through crafted OData requests. The vulnerability impacts the integrity and availability of the affected products, so awareness and remediation are needed immediately. Software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability. Users are advised to apply the appropriate security patches to mitigate the risk.
Affected Version(s)
BIG-IP Next Central Manager 20.0.1 < 20.2.0
News Articles
New F5 Next-Gen Manager Flaw Let Attackers Take Full Admin Control
F5 Big IP has been discovered with two critical vulnerabilities that could potentially allow a threat actor to take full administrative
8 months ago
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
8 months ago
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise - SOC Prime
Detect CVE-2024-21793 and CVE-2024-26026 exploitation attempts, critical flaws in F5 Next Central Manager, with relevant Sigma rules from SOC Prime.
8 months ago
Timeline
- Used in Ransomware
- Exploit known to exist
- First article discovered by SOC Prime
- Vulnerability published
- Vulnerability Reserved