Undisclosed Requests Can Cause Memory Resource Utilization Increase in NGINX Plus
CVE-2024-39792

7.5HIGH

Key Information:

Vendor: F5
Status: Nginx Plus
Vendor: CVE Published:; 14 August 2024

What is CVE-2024-39792?

A vulnerability exists in NGINX Plus when configured with the MQTT pre-read module. This issue arises when certain undisclosed requests are made, leading to increased memory resource utilization. It is important to note that versions of NGINX Plus that have reached End of Technical Support (EoTS) are not evaluated in this context, emphasizing the need for organizations to stay up-to-date with supported versions to mitigate potential risks.

Affected Version(s)

NGINX Plus R30

References

https://my.f5.com/manage/s/article/K000140108

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Jul 22, 2024

F5

What is CVE-2024-39792?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit