Rewterz Threat Alert – KLBanker Banking Trojan – Active IOCs
May 3, 2023Rewterz Threat Advisory –Multiple Zyxel Products Vulnerabilities
May 4, 2023Rewterz Threat Alert – KLBanker Banking Trojan – Active IOCs
May 3, 2023Rewterz Threat Advisory –Multiple Zyxel Products Vulnerabilities
May 4, 2023Severity
High
Analysis Summary
CVE-2023-28724
F5 NGINX Management Suite could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the default file permissions. By sending a specially-crafted request, an attacker could exploit this vulnerability to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-28724
Affected Vendors
F5
Affected Products
- F5 NGINX Instance Manager 2.0.0
- F5 NGINX Instance Manager 2.3.0
- F5 NGINX Instance Manager 1.0.0
- F5 NGINX Ingress Controller 2.4.0
Remediation
Refer to F5 Security Advisory for patch, upgrade or suggested workaround information.