CVE-2024-33612 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-33612
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de validación de certificados incorrecta en BIG-IP Next Central Manager y puede permitir que un atacante se haga pasar por un sistema de proveedor de instancias. Una explotación exitosa de esta vulnerabilidad puede permitir al atacante cruzar un límite de seguridad. • https://my.f5.com/manage/s/article/K000139012 • CWE-295: Improper Certificate Validation •
CVE-2024-32049 – BIG-IP Next Central Manager vulnerability
https://notcve.org/view.php?id=CVE-2024-32049
BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Next Central Manager (CM) puede permitir que un atacante remoto no autenticado obtenga las credenciales de la instancia BIG-IP Next LTM/WAF. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan. • https://my.f5.com/manage/s/article/K000138634 • CWE-300: Channel Accessible by Non-Endpoint •