Lucene search
K

7 matches found

0day.today
0day.today
added 2024/03/27 12:0 a.m.1455 views

OpenNMS Horizon 31.0.7 Remote Command Execution Exploit

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLEFILESYSTEMEDITOR privileges and either ROLEADMIN or ROLEREST. For versio...

8.2CVSS8.3AI score0.02951EPSS
Exploits3
Metasploit
Metasploit
added 2024/03/21 7:49 p.m.1864 views

OpenNMS Horizon Authenticated RCE

This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLEFILESYSTEMEDITOR privileges and either ROLEADMIN or ROLEREST. For versions 32.0.1 a...

8.2CVSS8.3AI score0.02951EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/03/21 12:0 a.m.600 views

OpenNMS Horizon 31.0.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...

8.2CVSS7.4AI score0.02951EPSS
Exploits3
Circl
Circl
added 2023/08/14 10:19 p.m.17 views

CVE-2023-0872

creationtimestamp| type| source ---|---|--- 2023-08-14 22:19:41+00:00| seen| https://t.me/cibsecurity/68469 2024-03-20 20:10:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/opennmshorizonauthenticatedrce.rb 2024-03-21 21:45:46+00:00|...

8.2CVSS7.8AI score0.02951EPSS
Exploits3References3
NVD
NVD
added 2023/08/14 6:15 p.m.33 views

CVE-2023-0872

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS8.1AI score0.02951EPSS
Exploits3References2
Cvelist
Cvelist
added 2023/08/14 5:21 p.m.46 views

CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS8.3AI score0.02951EPSS
Exploits3References2
CVE
CVE
added 2023/08/14 5:21 p.m.2737 views

CVE-2023-0872

OpenNMS Horizon CVE-2023-0872 affects Horizon REST API users endpoint in Horizon 31.0.8 and older than 32.0.2, enabling privilege elevation (to admin) via REST. The issue stems from role escalation between ROLE_REST and ROLE_ADMIN when accessing /rest/users, with confirmed guidance that upgrading...

8.2CVSS7.8AI score0.02951EPSS
Exploits3References2Affected Software2
Rows per page
Query Builder