Critical Security Vulnerabilities in F5 BIG-IP Next Central Manager
May 11, 2024
F5 Networks recently disclosed multiple critical security vulnerabilities in its BIG-IP Next Central Manager, a crucial component for managing traffic in large networks. These vulnerabilities, identified as CVE-2024-33612, CVE-2024-33604, and CVE-2024-32049, pose significant risks to network security if not addressed promptly. This article provides an overview of these vulnerabilities and their potential impact on network security.
### CVE-2024-33612: Improper Certificate Validation
The first vulnerability, CVE-2024-33612, is an improper certificate validation issue in the BIG-IP Next Central Manager. It allows an unauthenticated attacker in a man-in-the-middle (MITM) position to exploit the instantiation process and view and modify traffic from BIG-IP Next Central Manager to Instance Provider environments like vSphere, F5 VELOS, or F5 rSeries[1]. It has a CVSS score of 6.8 (Medium) and is considered a significant risk because it can allow an attacker to impersonate an Instance Provider system and cross a security boundary[1].
### CVE-2024-33604: Reflected Cross-Site Scripting (XSS)
The second vulnerability, CVE-2024-33604, is a reflected cross-site scripting (XSS) vulnerability in the BIG-IP configuration utility. It allows an attacker to execute JavaScript in the context of a logged-in user, potentially enabling the attacker to steal sensitive information or take control of the user's session[1]. It has a CVSS score of 6.7 (Medium) and is considered a medium-risk vulnerability due to its potential to compromise user sessions[1].
### CVE-2024-32049: Unauthenticated Access to Instance Credentials
The third vulnerability, CVE-2024-32049, is a security issue in BIG-IP Next Central Manager (CM) that allows an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials[1]. It has a CVSS score of 6.8 (Medium) and is considered a significant risk because it can allow an attacker to gain unauthorized access to sensitive network infrastructure[1].
### Impact and Mitigation
These vulnerabilities pose significant risks to network security, particularly for organizations that rely heavily on BIG-IP appliances for load balancing, DDoS mitigation, and data inspection and encryption. The vulnerabilities can be exploited to gain full administrative control of devices, create hidden accounts, and extract sensitive data, including password hashes[2]. It is crucial for users to apply the recommended software updates and follow security best practices to minimize the potential for exploitation[1][2].
### Conclusion
The recent disclosure of these critical security vulnerabilities in F5 BIG-IP Next Central Manager highlights the importance of regular security updates and patching to ensure network security. Users are advised to prioritize patching these vulnerabilities, especially given the recent surge in attacks targeting VPNs, firewalls, load balancers, and other network edge devices[2].
Citations:
[1] https://vulners.com/f5/F5:K000139012
[2] https://threatprotect.qualys.com/2024/05/09/f5-big-ip-next-central-manager-multiple-vulnerabilities-cve-2024-21793-cve-2024-26026/
[3] https://arstechnica.com/security/2024/05/critical-vulnerabilities-in-big-ip-appliances-leave-big-networks-open-to-intrusion/
[4] https://www.cybersecurity-help.cz/vdb/SB2024050926
[5] https://my.f5.com/manage/s/article/K000139012