CVE-2018-20434

Name of the Vulnerable Software and Affected Versions: LibreNMS version 1.46

Description: The issue allows remote attackers to execute arbitrary OS commands. This is achieved by using the community parameter in the html/pages/addhost.inc.php page during the creation of a new device. Then, by making a request to the /ajax output.php?id=capture&format=text&type=snmpwalk&hostname=localhost endpoint, it triggers command mishandling in html/includes/output/capture.inc.php.

Recommendations: For LibreNMS version 1.46, as a temporary workaround, consider restricting access to the html/pages/addhost.inc.php page and the /ajax output.php endpoint to minimize the risk of exploitation. Avoid using the community parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.