Speculative race condition in BIG-IP Next Central Manager
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-26602 CVE-2024-2193 CVE-2023-46747 |
| CWE-ID | CWE-400 CWE-362 CWE-288 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #3 is being exploited in the wild. |
| Vulnerable software Subscribe |
BIG-IP Next Central Manager Web applications / Remote management & hosting panels |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU87499
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2024-26602
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBIG-IP Next Central Manager: 20.0.1 - 20.2.0
CPE2.3- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.1.0:*:*:*:*:*:*:
- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.0.2:*:*:*:*:*:*:
- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.0.1:*:*:*:*:*:*:
http://my.f5.com/manage/s/article/K000140297
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU87374
Risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2024-2193
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a speculative race condition. A local user can exploit the race and gain unauthorized access to contents of arbitrary host memory, including memory assigned to other guests.
The vulnerability was dubbed GhostRace.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBIG-IP Next Central Manager: 20.0.1 - 20.2.0
CPE2.3- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.1.0:*:*:*:*:*:*:
- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.0.2:*:*:*:*:*:*:
- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.0.1:*:*:*:*:*:*:
http://my.f5.com/manage/s/article/K000140297
http://my.f5.com/manage/s/article/K000139682
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Authentication bypass using an alternate path or channel
EUVDB-ID: #VU82544
Risk: High
CVSSv3.1: 9.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C]
CVE-ID: CVE-2023-46747
CWE-ID:
CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper authentication in the Configuration utility. A remote non-authenticated attacker can send a specially crafted requests to the system, bypass authentication and execute arbitrary commands on the device.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBIG-IP Next Central Manager: 20.0.1 - 20.2.0
CPE2.3- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.1.0:*:*:*:*:*:*:
- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.0.2:*:*:*:*:*:*:
- cpe:2.3:a:f5_networks:big-ip_next_central_manager:20.0.1:*:*:*:*:*:*:
http://my.f5.com/manage/s/article/K000140297
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
