Lucene search

F5CVE-2024-7634

HistoryAug 22, 2024 - 6:15 p.m.

CVE-2024-7634

2024-08-2218:15:10

CWE-22

web.nvd.nist.gov

nginx

agent

config_dirs

restriction

vulnerability

attacker

write

overwrite

files

secure directory

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/SC:N/VI:H/SI:N/VA:N/SA:N

AI Score

5.2

Confidence

High

EPSS

Percentile

11.1%

JSON

NGINX Agent’s “config_dirs” restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "Agent"
    ],
    "product": "NGINX Agent",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "2.37.0",
        "status": "affected",
        "version": "2.17.0",
        "versionType": "custom"
      }
    ]
  }
]

References

my.f5.com/manage/s/article/K000140630

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/SC:N/VI:H/SI:N/VA:N/SA:N

AI Score

5.2

Confidence

High

EPSS

Percentile

11.1%

JSON

Related for CVE-2024-7634