CVE-2024-39792

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000140108	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:nginx_plus:r30:-::::::
	cpe:2.3:a:f5:nginx_plus:r30:p1::::::
	cpe:2.3:a:f5:nginx_plus:r30:p2::::::
	cpe:2.3:a:f5:nginx_plus:r31:-::::::
	cpe:2.3:a:f5:nginx_plus:r31:p1::::::
	cpe:2.3:a:f5:nginx_plus:r32:-::::::

History

19 Aug 2024, 16:20

Type	Values Removed	Values Added
First Time		F5 F5 nginx Plus
CPE		cpe:2.3:a:f5:nginx_plus:r32:-:::::: cpe:2.3:a:f5:nginx_plus:r30:-:::::: cpe:2.3:a:f5:nginx_plus:r31:-:::::: cpe:2.3:a:f5:nginx_plus:r30:p1:::::: cpe:2.3:a:f5:nginx_plus:r30:p2:::::: cpe:2.3:a:f5:nginx_plus:r31:p1::::::
Summary		(es) Cuando NGINX Plus está configurado para utilizar el módulo de lectura previa MQTT, las solicitudes no reveladas pueden provocar un aumento en la utilización de recursos de memoria. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan.
CWE		CWE-672
References	~~() https://my.f5.com/manage/s/article/K000140108 -~~	() https://my.f5.com/manage/s/article/K000140108 - Vendor Advisory

14 Aug 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-14 15:15

Updated : 2024-08-19 16:20

NVD link : CVE-2024-39792

Mitre link : CVE-2024-39792

CVE.ORG link : CVE-2024-39792

JSON object : View

Products Affected

f5

nginx_plus

CWE

CWE-672

Operation on a Resource after Expiration or Release

CWE-825

Expired Pointer Dereference

{"id": "CVE-2024-39792", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-14T15:15:26.580", "references": [{"url": "https://my.f5.com/manage/s/article/K000140108", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-672"}]}, {"type": "Secondary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-825"}]}], "descriptions": [{"lang": "en", "value": "When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": " Cuando NGINX Plus est\u00e1 configurado para utilizar el m\u00f3dulo de lectura previa MQTT, las solicitudes no reveladas pueden provocar un aumento en la utilizaci\u00f3n de recursos de memoria. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan."}], "lastModified": "2024-08-19T16:20:28.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EBEC829-7EED-487E-974D-BBA704DFBF0A"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0648596-D1F5-4A7A-B7F8-104E3AF26317"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8248517E-D805-4928-8252-2168472341EF"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D5BB4C0-B862-4CDD-AA54-1BC1BDF27005"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}