F5 Networks BIG-IP Next Central Manager API SQL Injection Vulnerability
Key Information
- Vendor: F5
- Product: BIG-IP Next Central Manager
- CVE Published: 8 May 2024
Summary
CVE-2024-26026 is an SQL injection vulnerability in the API of F5 BIG-IP Next Central Manager. An attacker who can reach the management interface can use it to read sensitive data from the backend database, including user password hashes and, in particular, the administrator's password hash. F5 has released a fixed version for the affected releases. Researchers at Eclypsium, who reported the issue, have published proof-of-concept exploit code and stated that they found further weaknesses in BIG-IP Next Central Manager that have not been assigned CVEs. No exploitation by ransomware groups is known at the time of writing, but F5 products have a history of being targeted by a range of attackers, so organisations should upgrade to the fixed version as soon as possible or, as an interim mitigation, restrict management access to trusted users and devices. Patching alone does not undo a leak that has already happened: the stored hashes use a low cost factor, so a well-funded attacker who obtained them could crack them offline. Administrator credentials should therefore be rotated after upgrading if exposure is suspected.
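To make the two technical points above concrete (string-built SQL that hands back every row, and hashes that are cheap to crack because of a low cost factor), here is an added, self-contained Python example. It is not F5's code and does not reproduce the real BIG-IP Next Central Manager endpoint: the user table, the handler names and the placeholder hashes are constructed for illustration, and treating the hashes as bcrypt-style (cost factor readable from the `$2b$NN$` prefix) is an assumption of this example, since the page does not name the algorithm.

```python
import sqlite3

# Constructed sample data standing in for a management-plane user table.
# The hash strings are placeholders laid out like bcrypt's "$2b$<cost>$...",
# not real BIG-IP Next Central Manager hashes.
SAMPLE_USERS = [
    ("admin", "$2b$06$placeholder.admin.hash.not.real"),
    ("operator", "$2b$06$placeholder.operator.hash.not.real"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_user_vulnerable(conn, username):
    """Hypothetical API handler that splices the caller-supplied name into SQL.

    A value such as  x' OR '1'='1  closes the string literal and appends a
    condition that is always true, so every row (every hash) is returned.
    """
    query = f"SELECT username, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_fixed(conn, username):
    """Same lookup with a bound parameter: the input is data, never SQL text."""
    query = "SELECT username, password_hash FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def bcrypt_cost(password_hash):
    """Return the cost factor encoded in a bcrypt-style hash ("$2b$06$...").

    bcrypt records its work factor as the two-digit field after the version
    marker, so an auditor can read it straight off a stolen or exported hash.
    """
    parts = password_hash.split("$")
    if len(parts) < 4 or not parts[1].startswith("2"):
        raise ValueError("not a bcrypt-style hash")
    return int(parts[2])


def weak_cost_users(rows, minimum_cost=10):
    """List usernames whose hash uses a cost factor below minimum_cost.

    The threshold is an assumption chosen for illustration; the point is that
    a low cost factor makes leaked hashes cheap to crack offline.
    """
    return [user for user, h in rows if bcrypt_cost(h) < minimum_cost]


# Classic always-true payload used to show the difference between handlers.
INJECTION = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    leaked = lookup_user_vulnerable(db, INJECTION)
    print("vulnerable handler returned", len(leaked), "rows")
    print("fixed handler returned", len(lookup_user_fixed(db, INJECTION)), "rows")
    print("users with a weak cost factor:", weak_cost_users(leaked))
```

Run as a script, the vulnerable handler returns both rows for the injected value while the parameterised handler returns none; the same payload against the fixed handler is simply a username that does not exist. The cost check is the follow-up a defender wants after a leak like this: if the exported hashes show a low cost, treat them as crackable and rotate the affected credentials rather than relying on the patch alone.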
Affected Version(s)
BIG-IP Next Central Manager < 20.2.0
Exploit Proof of Concept (PoC)
Proof-of-concept code is written by security researchers to demonstrate that a vulnerability can be exploited. Once public, PoC code is also a key building block for weaponization, which can end in ransomware deployment.
News Articles
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
7 months ago
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise - SOC Prime
Detect CVE-2024-21793 and CVE-2024-26026 exploitation attempts, critical flaws in F5 Next Central Manager, with relevant Sigma rules from SOC Prime.
7 months ago
Timeline
- Vulnerability started trending.
- First article discovered by SOC Prime.
- Exploit exists.
- Vulnerability published.
- Vulnerability reserved.