Vulnerability Details CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.4%
CVSS Severity
CVSS v3 Score 7.1
References
Products affected by CVE-2023-28724
-
cpe:2.3:a:f5:nginx_api_connectivity_manager:1.0.0
-
cpe:2.3:a:f5:nginx_api_connectivity_manager:1.4.1
-
cpe:2.3:a:f5:nginx_instance_manager:2.0.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.0.1
-
cpe:2.3:a:f5:nginx_instance_manager:2.1.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.2.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.3.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.3.1
-
cpe:2.3:a:f5:nginx_instance_manager:2.4.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.5.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.5.1
-
cpe:2.3:a:f5:nginx_instance_manager:2.6.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.7.0
-
cpe:2.3:a:f5:nginx_instance_manager:2.8.0
-
cpe:2.3:a:f5:nginx_security_monitoring:1.0.0
-
cpe:2.3:a:f5:nginx_security_monitoring:1.2.0