An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Vulnerable Product |
|---|
| f5 big-ip access policy manager |
| f5 big-ip advanced firewall manager |
| f5 big-ip carrier-grade nat |
| f5 big-ip ddos hybrid defender |
| f5 big-ip ssl orchestrator |
| f5 big-ip local traffic manager |
| f5 big-ip policy enforcement manager |
| f5 big-ip automation toolchain |
| f5 big-ip container ingress services |
| f5 big-ip advanced web application firewall |
| f5 big-ip domain name system |
| f5 big-ip application security manager |
| f5 big-ip analytics |
| f5 big-ip application acceleration manager |
| f5 big-ip application visibility and reporting |
| f5 big-ip fraud protection services |
| f5 big-ip global traffic manager |
| f5 big-ip link controller |
| f5 big-ip webaccelerator |
| f5 big-ip websafe |
New BIG-IP Next Central Manager bugs allow device takeover
By Sergiu Gatlan, May 8, 2024 03:52 PM

F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create hidden rogue accounts on any managed assets. Next Central Manager allows administrators to control on-premises or cloud BIG-IP Next instances and services via a unified management user interface. The flaws are an SQL injection vulnerability (CVE-2024-26026) and an ODat...
Full extent of attacks unknown but telecoms thought to be especially exposed
Vulnerabilities in F5's BIG-IP suite are already being exploited after proof of concept (PoC) code began circulating online. The cybersecurity biz confirmed in an update to its advisory for CVE-2023-46747 that it has evidence of active exploitation in the wild, less than five days after the initial limited-detail research was published by Praetorian. This critical Apache JServ Protocol (AJP) smuggling vulnerability was what attracted much of the attention to F5's BIG-IP configuration utility las...