Critical Vulnerabilities in F5 Central Manager Enable Unauthorized Access and Device Takeover


F5 Central Manager Vulnerabilities: Critical Flaws Discovered

A new report by security firm Eclypsium has revealed two critical vulnerabilities in F5 Next Central Manager that could be exploited by threat actors to take control of devices and create hidden rogue administrator accounts. The flaws, tracked as CVE-2024-21793 and CVE-2024-26026, each carry a CVSS score of 7.5 and affect Next Central Manager versions 20.0.1 through 20.1.0. Both have been patched in version 20.2.0.
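As an added illustration (not from the article, Eclypsium or F5), a small Python check that flags entries in a version inventory whose Next Central Manager version falls inside the affected range the article states; the inventory hostnames are constructed, and comparison is done on numeric tuples rather than strings so that a component such as "10" is not mis-ordered.

```python
# Added example: triage a Next Central Manager version inventory against the
# affected range reported in the article (20.0.1 through 20.1.0, fixed in 20.2.0).
from typing import Dict, List, Tuple

AFFECTED_MIN = (20, 0, 1)
AFFECTED_MAX = (20, 1, 0)
FIXED_IN = (20, 2, 0)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '20.1.0' into (20, 1, 0).

    Numeric tuples compare correctly; plain strings do not
    ('20.10.0' < '20.2.0' lexicographically).
    """
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if the version lies inside the range the article reports as vulnerable."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def is_fixed(version: str) -> bool:
    """True if the version is at or above the release the article says carries the patch."""
    return parse_version(version) >= FIXED_IN


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the names of managers in a {name: version} inventory that need patching."""
    return [name for name, ver in sorted(inventory.items()) if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {"ncm-lab": "20.0.1", "ncm-prod": "20.2.0", "ncm-staging": "20.1.0"}
    print(triage(sample))  # → ['ncm-lab', 'ncm-staging']
```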

If exploited, these vulnerabilities could grant attackers full administrative control of the device, allowing them to create accounts on any F5 assets managed by the Central Manager. What is particularly concerning is that the created accounts would remain hidden from the Central Manager due to a server-side request forgery (SSRF) vulnerability, enabling attackers to maintain persistence even after the system has been patched.

In addition, Eclypsium also identified two more weaknesses that could facilitate brute-force attacks against admin passwords and enable password resets without knowledge of the previous password. This could potentially allow attackers to block legitimate access to the device from any account.

While there are currently no reports of active exploitation in the wild, users are strongly advised to update their instances to the latest version to safeguard against potential threats. As cyberattacks targeting networking and application infrastructure continue to rise, it is crucial for organizations to stay vigilant and prioritize security measures to prevent unauthorized access and maintain the integrity of their systems.
