Lucene search

F5VULNRICHMENT:CVE-2024-7634

HistoryAug 22, 2024 - 6:07 p.m.

CVE-2024-7634 NGINX Agent Vulnerability

2024-08-2218:07:31

CWE-22

github.com

nginx

agent

config_dirs

restriction

privilege escalation

vulnerability

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/SC:N/VI:H/SI:N/VA:N/SA:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

11.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

NGINX Agent’s “config_dirs” restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

References

my.f5.com/manage/s/article/K000140630

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS4

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/SC:N/VI:H/SI:N/VA:N/SA:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

11.1%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-7634