CVE-2022-35241 - OpenCVE

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
F5	Nginx Instance Manager

Configuration 1 [-]

OR	cpe:2.3:a:f5:nginx_instance_manager::::::::
	cpe:2.3:a:f5:nginx_instance_manager::::::::

References

Link	Resource
https://support.f5.com/csp/article/K37080719	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2022-08-03T00:00:00

Updated: 2022-08-04T17:49:06

Reserved: 2022-07-19T00:00:00

Link: CVE-2022-35241

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-04T18:15:10.597

Modified: 2022-08-10T19:04:33.003

Link: CVE-2022-35241

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"containers": {"cna": {"affected": [{"product": "NGINX Instance Manager", "vendor": "F5", "versions": [{"lessThan": "2.3.1", "status": "affected", "version": "2.x", "versionType": "custom"}, {"lessThan": "1.x*", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "datePublic": "2022-08-03T00:00:00", "descriptions": [{"lang": "en", "value": "In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-04T17:49:06", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K37080719"}], "source": {"discovery": "INTERNAL"}, "title": "NGINX Instance Manager vulnerability CVE-2022-35241", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "DATE_PUBLIC": "2022-08-03T14:00:00.000Z", "ID": "CVE-2022-35241", "STATE": "PUBLIC", "TITLE": "NGINX Instance Manager vulnerability CVE-2022-35241"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NGINX Instance Manager", "version": {"version_data": [{"version_affected": "<", "version_name": "2.x", "version_value": "2.3.1"}, {"version_affected": ">=", "version_name": "1.x", "version_value": "1.0.0"}]}}]}, "vendor_name": "F5"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K37080719", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K37080719"}]}, "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2022-35241", "datePublished": "2022-08-03T00:00:00", "dateReserved": "2022-07-19T00:00:00", "dateUpdated": "2022-08-04T17:49:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9FB6507-FFF7-42B7-BFD1-B8643A882EF3", "versionEndIncluding": "1.0.4", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B28F2BB2-219A-49A4-956C-60B4A09FB9C0", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "En las versiones 2.x anteriores a la 2.3.1 y en todas las versiones de 1.x, cuando es usado NGINX Instance Manager, las peticiones no reveladas pueden causar un aumento en el uso de los recursos del disco. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no son evaluadas"}], "id": "CVE-2022-35241", "lastModified": "2022-08-10T19:04:33.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2022-08-04T18:15:10.597", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K37080719"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "f5sirt@f5.com", "type": "Primary"}]}