CVE-2023-28724

Published: May 3, 2023Modified: Apr 10, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (3)

Products: F5: Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring

3 products

Nginx Api Connectivity Manager

Nginx Instance Manager

Nginx Security Monitoring

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
F5 Nginx Api Connectivity Manager	From 1.0.0 to 1.5.0
F5 Nginx Instance Manager	From 2.0.0 to 2.9.0
F5 Nginx Security Monitoring	From 1.0.0 to 1.3.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://my.f5.com/manage/s/article/K000133233

Source: f5sirt@f5.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20230609-0006/

Source: f5sirt@f5.com

Third Party Advisory

https://my.f5.com/manage/s/article/K000133233

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.netapp.com/advisory/ntap-20230609-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.