Unrated severityNVD Advisory· Published May 3, 2023· Updated Feb 13, 2025

NGINX Management Suite vulnerability

CVE-2023-28724

Description

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected products

F5, Inc./Nginx Api Connectivity Managerv5
Range: 1.0.0
F5 Networks, Inc./Nginx Instance Managerv5
Range: 2.0.0
F5, Inc./Nginx Security Monitoringv5
Range: 1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

my.f5.com/manage/s/article/K000133233mitrevendor-advisory
security.netapp.com/advisory/ntap-20230609-0006/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000