What is CVE-2023-28724?

CVE-2023-28724 is a high-severity vulnerability in F5 Nginx Api Connectivity Manager, classified under Incorrect Default Permissions. CVSS score: 7.1/10. Published 2023-05-03.

How severe is CVE-2023-28724?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in F5 Nginx Api Connectivity Manager

CVE-2023-28724

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached E…

EPSS: 0.002 (6.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

F5 Nginx Api Connectivity Manager — versions 1.0.0
F5 Nginx_api_connectivity_manager
F5 Nginx Instance Manager — versions 2.0.0, 1.0.0
F5 Nginx_instance_manager
F5 Nginx Security Monitoring — versions 1.0.0
F5 Nginx_security_monitoring

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

f5sirt@f5.com (vendor-advisory, Vendor Advisory)
f5sirt@f5.com (Third Party Advisory)

Frequently asked questions

What is CVE-2023-28724?: CVE-2023-28724 is a high-severity vulnerability in F5 Nginx Api Connectivity Manager, classified under Incorrect Default Permissions. CVSS score: 7.1/10. Published 2023-05-03.
How severe is CVE-2023-28724?: High severity. CVSS v3 base score is 7.1 out of 10.