When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
They are tracked as CVE-2024-26026 and CVE-2024-21793, and are found in the NCM API.
By abusing these bugs, threat actors could run malicious SQL statements on vulnerable endpoints from a distance.
OpenVPN-protokollet - därför är det så bra
This would result in full administrative control of the manager itself," the researchers explained.
Notably, these new malicious accounts would not be visible from the Central Manager itself."
It provides capabilities for configuration management, policy enforcement, monitoring, and reporting across distributed environments.
According to Shodans figures, there are more than 10,000 F5 BIG-IP devices with open management ports.
F5 also shared a workaround for admins who are unable to implement the patch at this time.
ViaBleepingComputer
