CVE-2024-7634 — MEDIUM (4.9)

Q: What is CVE-2024-7634?

CVE-2024-7634 is a vulnerability with a CVSS score of 4.9 (MEDIUM). NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

Q: How severe is CVE-2024-7634?

CVE-2024-7634 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-7634?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Agent, F5 Nginx Instance Manager.

Vulnerability Description

NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
F5	Nginx Agent	>= 2.17.0, < 2.37.0
F5	Nginx Instance Manager	>= 2.3.1, < 2.17.2

Related Weaknesses (CWE)

CWE-22

References

https://my.f5.com/manage/s/article/K000140630Vendor Advisory

FAQ

What is CVE-2024-7634?

CVE-2024-7634 is a vulnerability with a CVSS score of 4.9 (MEDIUM). NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.

How severe is CVE-2024-7634?

CVE-2024-7634 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-7634?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Agent, F5 Nginx Instance Manager.