K000139012 : BIG-IP Next Central Manager vulnerability CVE-2024-33612
Description

Security Advisory Description

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. (CVE-2024-33612)

Impact

An unauthenticated attacker with a man-in-the-middle (MITM) position may exploit this vulnerability during the instantiation process to view and modify traffic from BIG-IP Next Central Manager to Instance Provider environments like vSphere, F5 VELOS, or F5 rSeries.

Note: An Instance Provider (vSphere, F5 VELOS, or F5 rSeries) can be configured under Providers > Add an Instance Provider or when creating a new BIG-IP Next instance in the Infrastructure menu in the BIG-IP Next Central Manager Configuration utility. For more information and similar procedures, refer to Create the BIG-IP Next instance on BIG-IP Next Central Manager from the VELOS…
