Lucene search

GitHub_MVULNRICHMENT:CVE-2024-32480

HistoryApr 22, 2024 - 10:10 p.m.

CVE-2024-32480 LibreNMS's Time-Based Blind SQL injection leads to database extraction

2024-04-2222:10:50

CWE-89

GitHub_M

github.com

cve-2024-32480

librenms

sql injection

database extraction

php

mysql

snmp

network monitoring

vulnerability

version 24.4.0 fix

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
    ],
    "vendor": "librenms",
    "product": "librenms",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c

github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-32480