Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7634

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

Published

2024-08-22T18:15:10.553

Last Modified

2025-01-24T16:14:16.497

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	nginx_agent	< 2.37.0	Yes
Application	f5	nginx_instance_manager	< 2.17.2	Yes

References

https://my.f5.com/manage/s/article/K000140630 Vendor Advisory ([email protected])