Vulnerabilities in BIG-IP Next Central Manager allow control of managed devices
Description

Introduction

In May 2024, new vulnerabilities were identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April in Palo Alto firewalls with the GlobalProtect feature enabled, which permitted unauthorized command execution. These recent findings underscore the persistent challenges in maintaining cybersecurity defenses and the need for prompt updates to security solutions themselves.

The vulnerabilities in BIG-IP Next Central Manager were discovered and published by the Eclypsium research group. In total, five vulnerabilities were discovered, but only two of them were assigned CVEs. An intriguing aspect of these vulnerabilities, including those without assigned CVEs, is how they can be chained together in a kill chain, progressing from no initial access to covert control of multiple devices managed by Next Central Manager.

Technical details of the vulnerabilities

F5 Next Central Manager is a centralized management tool for administering F5 application services. It offers a unified interface for configuring, monitoring, and orchestrating various F5 devices and services across different environments. This makes F5 Next Central Manager a critical asset and a valuable target for attackers.

SQL and OData injections

The first two vulnerabilities, SQL and OData injections, are the most critical. Both vulnerabilities can be exploited by unauthenticated attackers with network…
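The two injection classes named above share one root cause: untrusted input is spliced into a query language as syntax rather than passed as data. The following is an added illustration written for this page, not code from F5, Eclypsium, or the Next Central Manager product; the `users` table, the field names, and the `$filter` builder are all hypothetical and exist only to show the vulnerable pattern next to its hardened form for both SQL and OData.

```python
import sqlite3

# Constructed in-memory schema; it stands in for whatever backing store a
# management console might query and is not the product's real schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hash-of-admin-pw')")
    return conn


def lookup_vulnerable(conn, username):
    # The caller's input is formatted straight into the SQL text, so quote
    # characters in the input change the structure of the WHERE clause
    # instead of being compared as a value.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_hardened(conn, username):
    # Parameter binding sends the input to the driver as data; it can never
    # terminate the literal or add new predicates, regardless of content.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


# OData $filter construction. The field name comes from an allow-list and
# the string literal is escaped per OData's rule (a quote inside a string
# literal is written as two quotes), so neither part can be used to
# smuggle extra filter operators such as " or ".
ALLOWED_FILTER_FIELDS = {"username", "hostname"}  # hypothetical allow-list


def build_odata_filter(field, value):
    if field not in ALLOWED_FILTER_FIELDS:
        raise ValueError(f"field not permitted in $filter: {field!r}")
    escaped = value.replace("'", "''")
    return f"$filter={field} eq '{escaped}'"


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote character
    print("vulnerable:", lookup_vulnerable(conn, probe))  # every row comes back
    print("hardened:  ", lookup_hardened(conn, probe))    # no row matches
    print(build_odata_filter("username", "o'neil"))
```

The hardened SQL lookup returns nothing for the quote-bearing input because the whole string is compared as a username; the OData builder refuses unknown field names outright and doubles embedded quotes so the value stays inside its literal. Neither function depends on input filtering heuristics, which is why parameterization and allow-listing are the usual fixes for this vulnerability class.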
