Report: Undetectable Threats Found in F5’s Central Manager – Source: www.databreachtoday.com

Source: www.databreachtoday.com

Network Firewalls, Network Access Control, Security Operations

Researchers Discover Major Vulnerabilities in Popular Central Management Platform

Chris Riotta (@chrisriotta) • May 8, 2024

Researchers identified vulnerabilities in F5’s Next Central Manager. (Image: Shutterstock)

Researchers identified major security vulnerabilities in F5’s Next Central Manager that could allow hackers to gain a persistent, undetectable presence within any organization’s network infrastructure connected to F5 assets, according to a Wednesday report.

See Also: Cloud Network Security: The Role of Software Firewalls

The report, published by the supply chain cybersecurity firm Eclypsium, says ongoing research identified “remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device.”

The newly discovered flaws revolve around CVE-2024-21793 and CVE-2024-26026, which potentially allow threat actors to execute unauthenticated attacks that compromise network security. F5 released patches for these flaws in April.

“All five vulnerabilities were disclosed to F5 in one batch, but F5 only formally assigned CVEs to the two unauthenticated vulnerabilities,” Eclypsium researchers said about the flaws. “We have not confirmed if the other three were fixed at the time of publication.”

F5 did not immediately return requests for comment. Eclypsium said attackers can take advantage of the flaws to open new accounts on any BIG-IP Next asset managed by the company’s Central Manager system.

Network edge devices – which often have patchy endpoint protection and proprietary software that complicates vulnerability detection – have increasingly become a target of state-sponsored hackers and global cybercriminals (see: The Peril of Badly Secured Network Edge Devices).

Mandiant published a report in April warning that attackers were shifting their focus to evasion tactics while “targeting edge devices, leveraging ‘living off the land’ and other techniques, or through the use of zero-day vulnerabilities.”

F5’s Next Central Manager serves as a centralized control point for all life cycle tasks across BIG-IP Next fleets. The tool provides organizations with a unified management user interface for application availability, access control and security solutions.

Once logged into the BIG-IP Next Central Manager, Eclypsium researchers said, an attacker can create on-board accounts that are not visible on the platform. The evasion could allow hackers to remain on the network even after the admin password is reset and the system is patched, according to the report.

Eclypsium urged F5 customers to upgrade to the latest software version 20.2.0 “as soon as possible” and added that it remains unclear whether the additional three vulnerabilities have been patched.

Original Post url: https://www.databreachtoday.com/report-undetectable-threats-found-in-f5s-central-manager-a-25152
