F5-K000140630
First published: Thu Aug 22 2024(Updated: )
NGINX Agent's config_dirs restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 NGINX Agent | >=2.17.0<=2.36.1 | 2.37.0 |
| F5 NGINX Instance Manager | >=2.3.1<=2.17.1=3 | 2.17.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000140630?
The severity of F5-K000140630 is high due to the potential for a highly privileged attacker to write or overwrite files.
How do I fix F5-K000140630?
To fix F5-K000140630, upgrade to NGINX Agent version 2.37.0 or NGINX Instance Manager version 2.17.2.
What versions are affected by F5-K000140630?
F5-K000140630 affects NGINX Agent versions between 2.17.0 and 2.36.1 and NGINX Instance Manager versions between 2.3.1 and 2.17.1.
Who is affected by F5-K000140630?
Organizations using F5 NGINX Agent or F5 NGINX Instance Manager with the specified vulnerable versions are affected by F5-K000140630.
What impact does F5-K000140630 have on security?
F5-K000140630 can lead to unauthorized file access and potential exploitation by attackers due to file write/overwrite vulnerabilities.
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- collector/f5-advisory
- source/F5
- alias/CVE-2024-7634
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/f5
- canonical/f5 nginx agent
- version/f5 nginx agent/2.17.0
- version/f5 nginx agent/2.36.1
- canonical/f5 nginx instance manager
- version/f5 nginx instance manager/2.3.1
- version/f5 nginx instance manager/2.17.1
- version/f5 nginx instance manager/3