When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 19 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-672
CPEs cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*

Thu, 15 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 nginx Plus
CPEs cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*
Vendors & Products F5
F5 nginx Plus
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
Description When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title NGINX Plus MQTT vulnerability
Weaknesses CWE-825
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2024-08-15T14:01:37.776Z

Reserved: 2024-07-22T19:43:52.870Z

Link: CVE-2024-39792

cve-icon Vulnrichment

Updated: 2024-08-15T14:01:03.662Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-14T15:15:26.580

Modified: 2024-08-19T16:20:28.967

Link: CVE-2024-39792

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.