F5 NGINX Agent
cpe:2.3:a:f5:nginx_agent:*:*:*:*:*:*:*
- >= 2.37.0, <= 2.46.5
A vulnerability exists in the NGINX Agent's config_dirs directive, which can be managed through NGINX Instance Manager. This issue allows a low-privileged, remotely authenticated attacker to read and write files outside the designated secure directory, potentially crossing important security boundaries.
Exploitation of this vulnerability could lead to unauthorized file access and modification, allowing attackers to read or write files outside of the intended directory restrictions.
Users can upgrade to NGINX Agent version 2.47.0 or NGINX Instance Manager version 2.22.1 to address this vulnerability.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.