Tuesday, May 21, 2024

Critical F5 Central Manager Vulnerabilities Put Clients at Risk of Full Device Takeover

The two critical security vulnerabilities are tagged CVE-2024-21793 and CVE-2024-26026. CVE-2024-21793 has a CVSS score of 7.5. It’s an OData injection vulnerability that can allow unauthenticated attackers to execute malicious SQL statements via the BIG-IP Next Central Manager API. CVE-2024-26026 also has a CVSS score of 7.5. It’s an SQL injection vulnerability that can let unauthorized attackers execute malicious SQL statements through the BIG-IP Next Central Manager API. According to a report by Eclypsium, “the flaw gives attackers the full administrative control of the device and subsequently allows attackers to create accounts on any F5 assets managed by the Next Central Manager.”

Ivanti Connect Secure Flaws Get Exploited by Mirai Botnet for Malicious Payload Delivery

Threat actors are exploiting two vulnerabilities, tagged CVE-2023-46805 and CVE-2024-21887, to deploy the Mirai botnet. Juniper Threat Labs confirmed this activity. Further details show that CVE-2023-46805 and CVE-2024-21887 give access to the “/api/v1/license/key-status/;” endpoint, which is known to be vulnerable to command and payload injection. CVE-2023-46805 is an authentication bypass flaw, while CVE-2024-21887 is a command injection vulnerability. Together, they enable the attacker’s successful exploitation.

Corr & Corr, an accounting firm with over 50 employees and a revenue of $5 million, has fallen victim to the Everest ransomware group. The firm, which specializes in audit, taxation, business consultancy, grant advice, corporate finance, and restructuring, has experienced significant disruption due to the attack.

Zuber Gardner is another victim of recent ransomware attacks by the Everest ransomware group. The company is a full-service accounting and tax planning firm specializing in accounting, tax planning, consulting, and bookkeeping. It has over 10 employees and a revenue of $5 million. 

Dragon Tax & Management suffered a ransomware attack orchestrated by the BianLian ransomware group. The company is famous for tax planning, bookkeeping, tax services, financial services, consultation, real estate, tech tax, management consulting, business management, tax preparation, and investment. It has over 200 employees and a revenue of $5 million.


