PT-2022-19795 · Librenms · Librenms

Darek Jensen

Published

2022-05-31

Updated

2022-06-09

CVE-2022-29712

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreNMS version 22.3.0

Description The issue is related to multiple command injection vulnerabilities. These vulnerabilities can be exploited via the service ip, hostname, and service param parameters.

Recommendations For LibreNMS version 22.3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2022-29712

GHSA-23F2-VGR6-FWV7

Affected Products

Librenms

PT-2022-19795 · Librenms · Librenms

CVE-2022-29712

Weakness Enumeration

Related Identifiers

Affected Products

References · 7