Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

F5 has patched two potentially serious vulnerabilities in BIG-IP Next that could allow an attacker to take full control of a device.

F5 on Wednesday announced patches for its BIG-IP Next Central Manager to address potentially dangerous vulnerabilities that experts say could allow attackers to take complete control of a device.

Enterprise firmware and hardware security firm Eclypsium claims to have found a total of five vulnerabilities in the BIG-IP Next Central Manager product, which allows F5 customers to control all of their BIG-IP Next instances and services from a unified management interface.

F5 has only assigned two CVE identifiers and Eclypsium says it’s unclear if the remaining three issues have also been addressed.

One of the patched vulnerabilities is CVE-2024-21793, which F5 has classified as ‘high severity’ and described as an 0Data injection issue that can allow an unauthenticated attacker to execute malicious SQL statements through the Next Central Manager API.

The second fixed security hole, identified as CVE-2024-26026, is a SQL injection vulnerability with similar impact that can also be exploited by an unauthenticated attacker.

F5 says no other products beyond Next Central Manager are impacted by these vulnerabilities. 

According to Eclypsium, which published technical details and proof-of-concept (PoC) code for all of the five vulnerabilities on Wednesday, the SQL injection flaws allow a remote attacker to gain full administrative control of a device, while the other weaknesses enable them to create accounts on any F5 asset managed by the Next Central Manager. 

“These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment,” Eclypsium explained.

Advertisement. Scroll to continue reading.

Eclypsium has currently found no evidence of in-the-wild exploitation, but BIG-IP product vulnerabilities are known to have been targeted by threat actors

Related: Critical Vulnerability Exploited to ‘Destroy’ BIG-IP Appliances

Related: F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

Related: Technical Details, IoCs Available for Actively Exploited BIG-IP Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights