PT-2024-8687 · Librenms · Librenms

Published

2024-11-15

·

Updated

2026-05-12

·

CVE-2024-51092

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions LibreNMS (affected versions not specified)
Description The issue affects the LibreNMS network monitoring system and stems from a failure to neutralize special elements in user-controlled values before they are passed to the operating system shell. An authenticated attacker can create malicious directory names and alter sensitive configuration parameters through the web portal; both values end up inside shell_exec() calls without escaping, so shell metacharacters in them are interpreted as additional OS commands. Successful exploitation yields arbitrary code execution under the account running LibreNMS and compromise of the server. The number of potentially affected installations worldwide is not given, and there are no reports of this issue being exploited in the wild.
Technical details about exploitation include:
  • API Endpoints: The /about page and the /settings/{key} route (HTTP PUT) are used to reach the vulnerable code.
  • Vulnerable Parameters or Variables: The snmpget configuration variable and the value parameter handled by the update() method in SettingsController.php.
  • Function Names: The shell_exec() function and the initRrdDirectory() method in PollDevice.php, where the attacker-controlled values are interpolated into the command string.
Recommendations At the time of writing, no release containing a fix for this vulnerability has been identified. Until one is confirmed, limit the accounts permitted to change global settings (in particular the snmpget path) to trusted administrators, verify that the current value of that setting is nothing more than an absolute path to the expected binary, and audit device names and the RRD directory tree for entries containing shell metacharacters.
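As an added illustration, not LibreNMS's own code and not the project's fix, the following PHP reproduces the two injection points this entry names (an operator-editable binary path such as the snmpget setting, and a device-derived directory name, each interpolated into a shell_exec() string) next to a hardened form that validates both values and quotes every argument. The function and constant names, the stand-in payloads, the use of /bin/echo in place of the real snmpget binary and the /opt/librenms/rrd base path are all assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not LibreNMS code and not the project's fix. Two injection
// points named in this entry are reproduced: an operator-editable binary path
// (the snmpget setting) and a device-derived directory name, both landing in a
// shell_exec() string. The hardened helpers show the checks a poller needs
// before either value may reach the shell.

// Constructed inputs. /bin/echo stands in for the real snmpget binary so the
// demo runs harmlessly on any Unix-like host.
const SAFE_BIN  = '/bin/echo';
const EVIL_BIN  = '/bin/echo; id #';            // payload via the settings route
const EVIL_HOST = 'sw1; touch /tmp/owned #';    // payload via a device/directory name

// Vulnerable pattern: raw string interpolation. With EVIL_BIN the ';' ends the
// echo command and runs "id"; EVIL_HOST does the same further along the line.
function buildCommandUnsafe(string $snmpget, string $host, string $oid): string
{
    return "$snmpget -v2c -c public $host $oid";
}

// Check 1: the configured binary must be an absolute path made of a
// conservative character set and must resolve to an executable file.
function validatedBinary(string $path): string
{
    if (!preg_match('#\A/[A-Za-z0-9._/-]+\z#', $path)) {
        throw new InvalidArgumentException("binary path rejected: $path");
    }
    $real = realpath($path);
    if ($real === false || !is_executable($real)) {
        throw new InvalidArgumentException("not an executable file: $path");
    }
    return $real;
}

// Check 2: a hostname that will name a directory and appear on a command line
// is restricted to RFC 1123 labels, which excludes '/', '..', whitespace and
// every shell metacharacter.
function validatedHostname(string $host): string
{
    $label = '(?!-)[A-Za-z0-9-]{1,63}(?<!-)';
    if (strlen($host) > 253 || !preg_match("/\\A$label(\\.$label)*\\z/", $host)) {
        throw new InvalidArgumentException("hostname rejected: $host");
    }
    return $host;
}

// Hardened pattern: validate first, then quote every argument individually.
function buildCommandSafe(string $snmpget, string $host, string $oid): string
{
    $argv = [validatedBinary($snmpget), '-v2c', '-c', 'public', validatedHostname($host), $oid];
    return implode(' ', array_map('escapeshellarg', $argv));
}

// A directory name derived from a validated hostname cannot escape $base.
function rrdDirectorySafe(string $base, string $host): string
{
    return rtrim($base, '/') . '/' . validatedHostname($host);
}

// Demonstration: the unsafe string carries the payload verbatim, the safe
// builder rejects both payloads, and only the quoted command reaches the shell.
echo "unsafe: ", buildCommandUnsafe(EVIL_BIN, 'sw1', 'sysName.0'), PHP_EOL;
echo "safe:   ", buildCommandSafe(SAFE_BIN, 'sw1', 'sysName.0'), PHP_EOL;
foreach ([[EVIL_BIN, 'sw1'], [SAFE_BIN, EVIL_HOST]] as [$bin, $host]) {
    try {
        buildCommandSafe($bin, $host, 'sysName.0');
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), PHP_EOL;
    }
}
echo "rrd dir: ", rrdDirectorySafe('/opt/librenms/rrd', 'sw1'), PHP_EOL;
echo "output:  ", shell_exec(buildCommandSafe(SAFE_BIN, 'sw1', 'sysName.0'));
```

Run with `php demo.php`. The point of the two checks is that escapeshellarg() alone is not enough for the binary path: quoting stops the injected `; id` from running, but a setting that resolves to an attacker-chosen executable is still an RCE, so the path must be constrained to an expected, executable file before it is quoted.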

Exploit

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-10289
CVE-2024-51092
GHSA-X645-6PF9-XWXW

Affected Products

Librenms