CVE-2024-7634

CWE-22Path Traversal5 documents5 sources
Severity
6.9MEDIUM
EPSS
0.6%
top 29.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Nginx AgentF5 Nginx Instance Manager
Timeline
PublishedAug 22

Description

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

CVEListV5f5/nginx_agent2.17.02.37.0
NVDf5/nginx_agent2.17.02.37.0
NVDf5/nginx_instance_manager2.3.12.17.2

🔴Vulnerability Details

2
CVEList
NGINX Agent Vulnerability2024-08-22
GHSA
GHSA-f3wr-j648-3c97: NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the design2024-08-22

📋Vendor Advisories

2
F5
CVE-2024-7634: NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/over...2024-08-22
Red Hat
nginx: Path Traversal vulnerability in NGINX2024-08-22
CVE-2024-7634 (MEDIUM CVSS 6.9) | NGINX Agent's "config_dirs" restric | cvebase.io