NGINX Management Suite vulnerability

CVE-2023-28724

7.1 HIGH

Key Information

Vendor
F5
Status
NGINX Instance Manager
NGINX API Connectivity Manager
NGINX Security Monitoring
CVE Published: 3 May 2023

Summary

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Version(s)

NGINX Instance Manager < 2.9.0

NGINX Instance Manager < 1.0.0

NGINX API Connectivity Manager < 1.5.0

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

F5