Nginx Agent
Monthly
Path traversal in F5 NGINX Agent via the config_dirs directive enables a remotely authenticated low-privileged attacker to read and write files outside of the directories designated as secure in the agent's configuration. The config_dirs directive can be set directly in the NGINX Agent configuration or through NGINX Instance Manager, expanding the attack surface across both products. No public exploit code or active exploitation has been identified at time of analysis, and a vendor patch is available per F5 advisory K000161971.
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Path traversal in F5 NGINX Agent via the config_dirs directive enables a remotely authenticated low-privileged attacker to read and write files outside of the directories designated as secure in the agent's configuration. The config_dirs directive can be set directly in the NGINX Agent configuration or through NGINX Instance Manager, expanding the attack surface across both products. No public exploit code or active exploitation has been identified at time of analysis, and a vendor patch is available per F5 advisory K000161971.
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.